Gathering user certificate info

xian
New Contributor II

Hello:
Issues with user certs in the login keychain normally have one of two possible causes - a missing cert or an expired cert. I was hoping to add an item to Self Service which allows the end user to run a check that will display a status using Jamf Helper, in order to provide that to the attending IT tech for resolution.
I was able to add an item that captured the existing cert by the Real Name naming convention. The script ran successfully if the login keychain only contains one user certificate titled with Real Name, or is missing a cert with that name. However, I ran into an issue where the script would fail if the login keychain contained multiple user certificates under that name (for instance, one current certificate and one expired certificate).
What I am looking for is a way to loop through the certs in the login keychain using either while/do or for, but so far haven't been successful.
This is a portion of the search for an instance of a cert named after the Real Name entry that does work for me when the login keychain only contains one certificate under that name:
# Keep only the "labl" attribute of each matching cert; one match yields "labl"
verifyCert=$(security find-certificate -a -c "$realName" -Z login.keychain | grep labl | sed 's/<.*//' | sed 's/"//g')

# $verifyCert is left unquoted on purpose (it carries leading whitespace); with two
# matching certs it expands to "labl labl" and this test fails with "too many arguments"
if [ $verifyCert = labl ]; then
    # $desired_keychain is set earlier in the full script to the login keychain.
    # -a can return several PEM blocks, but openssl x509 only reads the first one.
    certexpdate=$(/usr/bin/security find-certificate -a -c "$realName" -p -Z "$desired_keychain" | /usr/bin/openssl x509 -noout -enddate | cut -f2 -d=)

    # Reformat the notAfter date (macOS/BSD date syntax)
    dateformat=$(/bin/date -j -f "%b %d %T %Y %Z" "$certexpdate" "+%Y-%m-%d %H:%M:%S")
    message="$realName has an expiration date of $certexpdate."
fi

Thanks for any insight you can give me with this one.

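One way to get the loop the post asks for, as an added example that is not code from the original post: split the PEM output of security find-certificate -a into one certificate per file, then check each one with openssl x509 -checkend instead of parsing the date by hand. It assumes realName is supplied the same way as in the post (here as the first argument) and that openssl is on the path.

```shell
#!/bin/bash
# Check every user certificate in the login keychain that carries the user's
# Real Name as its label, and build one status line per certificate.

# Split a PEM bundle read from stdin into $1/cert_N.pem files; print the count.
split_pem_bundle() {
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = dir "/cert_" n ".pem" }
        n > 0                         { print > file }
        /-----END CERTIFICATE-----/   { close(file) }
        END                           { print n + 0 }'
}

# Print "valid" or "expired" for the PEM certificate in file $1
# (-checkend 0 exits non-zero once the notAfter date has passed).
cert_status() {
    if openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo valid
    else
        echo expired
    fi
}

# Loop over all certificates labelled $1 in keychain $2 and print a status
# line for each; this is the text you would hand to jamfHelper.
report_certs() {
    realName="$1" keychain="$2"
    tmp=$(mktemp -d)
    count=$(security find-certificate -a -c "$realName" -p "$keychain" 2>/dev/null \
            | split_pem_bundle "$tmp")
    if [ "${count:-0}" -eq 0 ]; then
        echo "No certificate named \"$realName\" found in $keychain."
    else
        i=1
        while [ "$i" -le "$count" ]; do
            f="$tmp/cert_$i.pem"
            enddate=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null | cut -f2 -d=)
            echo "Certificate $i of $count: $(cert_status "$f"), expires ${enddate:-unknown}"
            i=$((i + 1))
        done
    fi
    rm -rf "$tmp"
}

# Usage: ./certcheck.sh "Real Name"  (the name is assumed to come from the same
# Real Name lookup as the original script; login.keychain as in the post)
if [ "$#" -gt 0 ]; then
    report_certs "$1" login.keychain
fi
```

The per-certificate lines can be joined and passed to jamfHelper as the message, so the tech sees both the current and the expired cert when two are present.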