Here's hoping someone smarter than me can answer this:
I have a client whose in-house developers have created a system of printing shipping labels from their intranet system. It uses Zebra label printers connected to the Mac Mini stations via USB and an application called QZ Tray by QZ.io.
To deploy the app, one has to include a self-signed certificated called 'override.crt' embedded in the app bundle's Resources folder. Then when the app is launched for the first time, the logged in user must enter their password to accept the certificate. You can not change the username to use a different (hidden admin) account instead. It must be the username and password of the launching user. It should be noted that at no point does the cert show up in Keychain Access before or after this.
I have tried using openssl to covert the .crt file to a .cer file and deploying it via a Configuration Profile in Jamf. When I do, the cert shows up in Keychain Access and the serial and signature match the file in the Resources folder of the app. But first launch of the app still requires the user to enter their password.
Has anyone encountered either QZ Tray specifically, or some other app that requires its own embedded certificate to work?
The goal is to fully automate the deployment of this application and printer configuration without requiring user intervention.
