- Jamf Nation Community
- Products
- Jamf Pro
- Re: How to make a cert trust through JAMF
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to make a cert trust through JAMF
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-23-2022 03:16 PM
Is there any way is there to make a cert set as Always Trust in system keychain through JAMF? I have few devices where Zscaler cert is not set as Always Trust when the device got the certificate from Zscaler.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-24-2022 01:54 AM
Yes I've done this for Zscaler. Upload the cert you have installed on a device, into a Configuration Profile, on the certificatate payload. I have the tick box 'Allow all apps access' ticked. The cert will be deployed to any scoped devices and will show as Always Trust.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-27-2022 12:56 AM
I have done this through a custom package using jamf composer
1) Push the zscalar root certificate through package which puts the certificate in x location on user system accessible to logged in user
2) Use the following post install script when you create the package for pushing
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-17-2022 08:10 AM
I, too have used Composer to build a pkg to distribute and install .cer. My sudo script is a bit different but basically the same as above. My issue is that upon installation, I get the following error in /var/log/install.log
./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer
How do i get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so i can run the sudo command?
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-19-2023 11:21 PM
Dont put it in the waiting room, you can put it in private/tmp directory and use this path in the script.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-19-2022 08:25 AM
Gave up on distribution with pkg. Used Configuration Profile and it worked great.
Thank you,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-04-2023 07:00 AM
Since I'm stuck here this my non-functionnal process and I dont know where I'm wrong. My ISE profile is always displayed as non trusted on end users keychains
1 > adding the certificate to my computer on Sytem level, everything is set to Trust
2 > Creating a signed profile with the certificate that will be deployed on the computer lever
3 > Creating a Configuration profile on Jamf and its properly sent to end users but as non trusted.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-08-2024 02:19 AM
Anyone one got that solved for ISE.
