Help

Keychain & Certificate lockdown

jmltapp1971
New Contributor

Posted on ‎11-18-2015 07:50 AM

Hi we are implementing our Casper solution at the moment, and our Security group has found an issue that they need us to resolve before going live.

When the macs join our network they are receiving our main domain certificates which in turn allow use of Lync by the users. However one attribute they are not gaining from the pc originating certs is that we need to ensure that they cannot be exported from the keychain. Does anyone know of a method to either disable export or put it under password control. I have looked elsewhere online but cant find a way to truly lock it down.

Many thanks for any help.

0 Kudos
Reply
2 REPLIES 2

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎11-18-2015 08:36 AM

Hi,

Most of the control is set when creating the certificate. You can give it a passphrase that can be deployed using a conf profile in Casper.

0 Kudos
Reply

calumhunter
Valued Contributor

Posted on ‎11-18-2015 05:45 PM

Why do you want to stop them from exporting the cert?

If the users have access to read the cert, then how do you prevent them from exporting it?

0 Kudos
Reply