How to make a cert trust through JAMF

New Contributor III

Is there any way is there to make a cert set as Always Trust in system keychain through JAMF? I have few devices where Zscaler cert is not set as Always Trust when the device got the certificate from Zscaler.


Contributor II

Yes I've done this for Zscaler. Upload the cert you have installed on a device, into a Configuration Profile, on the certificatate payload. I have the tick box 'Allow all apps access' ticked. The cert will be deployed to any scoped devices and will show as Always Trust.

New Contributor III

I have done this through a custom package using jamf composer

1) Push the zscalar root certificate through package which puts the certificate in x location on user system accessible to logged in user

2) Use the following post install script when you create the package for pushing

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>

New Contributor II

I, too have used Composer to build a pkg to distribute and install .cer.  My sudo script is a bit different but basically the same as above.  My issue is that upon installation, I get the following error in /var/log/install.log

./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer

How do i get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so i can run the sudo command?


New Contributor III

Dont put it in the waiting room, you can put it in private/tmp directory and use this path in the script.


New Contributor II

Gave up on distribution with pkg.  Used Configuration Profile and it worked great.

Thank you,


Since I'm stuck here this my non-functionnal process and I dont know where I'm wrong. My ISE profile is always displayed as non trusted on end users keychains


1 > adding the certificate to my computer on Sytem level, everything is set to Trust

2 > Creating a signed profile with the certificate that will be deployed on the computer lever

3 > Creating a Configuration profile on Jamf and its properly sent to end users but as non trusted.


New Contributor II

Anyone one got that solved for ISE.