Posted on 08-27-2015 06:52 AM
Hi, I need to install a certificate in the System keychain and the login keychain. For that I created a script and a package: the package copies the certificate locally onto the Mac and the script installs the certificate into the keychain.
My script :
sudo security add-trusted-cert -d -r unspecified -k ~/Library/Keychains/login.keychain "/path/etc/certificat CA1.cer"
sudo security add-trusted-cert -d -r unspecified -k /Library/Keychains/System.keychain "/path/etc/certificat CA1.cer"
For the System keychain it is OK, but not for the login keychain.
When I publish this policy in Self Service I don't have problems: the certificate is installed in both keychains (login and System).
Cordially
Malik
Posted on 08-27-2015 03:42 PM
~/Library/Keychains/login.keychain
only exists when a user is logged in, and only for that particular user, so when you run it as a policy it will probably not work. Self Service will definitely have a logged-in user and is probably managing to work out what ~ means.
You will either need to loop through all the users somehow if you want it for everyone, or use a login-triggered policy and detect the user with something like:
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
Make sure it's not empty, then use something like:
/Users/$Current_User/Library/Keychains/login.keychain
in your script to reference the keychain.
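The approach above, written out as an added example (not the poster's or the replier's script): resolve the console user's login keychain first and fail with a clear message when there is no logged-in user or no keychain, instead of letting `security` report that the keychain could not be found. The `login_keychain_for` helper, its optional home-root parameter (defaults to /Users) and the check for the newer `login.keychain-db` file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Print the non-root console user, or nothing if nobody is logged in
# (same detection as suggested in the reply above).
console_user() {
  stat -f%Su /dev/console 2>/dev/null | awk '!/root/'
}

# Print the login keychain path for a user. Second argument is the home
# root (assumed /Users). Newer macOS names the file login.keychain-db,
# older releases login.keychain; both are checked. Returns 1 when the
# user is empty or no keychain file exists, so the caller can stop early.
login_keychain_for() {
  user="$1"
  root="${2:-/Users}"
  if [ -z "$user" ]; then
    echo "no console user logged in" >&2
    return 1
  fi
  for kc in "$root/$user/Library/Keychains/login.keychain-db" \
            "$root/$user/Library/Keychains/login.keychain"; do
    if [ -f "$kc" ]; then
      printf '%s\n' "$kc"
      return 0
    fi
  done
  echo "no login keychain found for user $user" >&2
  return 1
}

# Same security(1) invocation as in the original post, for one keychain.
add_ca_to_keychain() {
  security add-trusted-cert -d -r unspecified -k "$2" "$1"
}

# Usage: script.sh "/path/etc/certificat CA1.cer"
main() {
  cert="${1:?usage: $0 /path/to/CA.cer}"
  add_ca_to_keychain "$cert" /Library/Keychains/System.keychain
  kc=$(login_keychain_for "$(console_user)") || exit 1
  add_ca_to_keychain "$cert" "$kc"
}

if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Even with the right path, a root-run policy may still be unable to write into a user's login keychain if that keychain is locked in the user's session, which is one reason a configuration profile is usually the simpler route.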
Posted on 08-28-2015 01:05 AM
Hi look,
Thank you for your reply. I have tested your script but get the same error.
Script result: SecCertificateAddToKeychain: The specified keychain could not be found.
My script :
# detect the console user (variable name must match the one used below)
Current_User=$(stat -f%Su /dev/console | awk '!/root/')
sudo security add-trusted-cert -d -r unspecified -k /Users/$Current_User/Library/Keychains/login.keychain "/path/etc/certificat CA1.cer"
sudo security add-trusted-cert -d -r unspecified -k /Library/Keychains/System.keychain "/path/etc/certificat CA1.cer"
This script works only for installing the certificate in the System keychain; it does not work for the user keychain.
Cordially
Malik
Posted on 08-29-2015 07:43 AM
@OUDJAMAA why script this and not do it via config profiles?