RootCert EXTA?

ChrisLeeSSD
New Contributor II

Hello JAMF members,

Trying to create a EXTA to tell me if our Macbooks have our RootCA cert or not.

I have managed to use the following Terminal command:

security find-cert -c ISD720CA

Which returns the following:

keychain: "/Users/clee/Library/Keychains/login.keychain"
class: 0x80001000 
attributes:
    "alis"<blob>="ISD720CA"
    "cenc"<uint32>=0x00000003 
    "ctyp"<uint32>=0x00000001 
    "hpky"<blob>=0x8C007403A13DB2618B964760D37694CB4175B796  "214�00t�03241=262a213226G`323v224313Au267226"
    "issu"<blob>=0x304031133011060A0992268993F22C6401191603434F4D31163014060A0992268993F22C64011916064953443732303111300F060355040313084953443732304341  "0@1�230�21�06�12�11222&211223362,d�01�31�26�03COM1�260�24�06�12�11222&211223362,d�01�31�26�06ISD7201�210�17�06�03U�04�03�23�10ISD720CA"
    "labl"<blob>="ISD720CA"
    "skid"<blob>=0x8C007403A13DB2618B964760D37694CB4175B796  "214�00t�03241=262a213226G`323v224313Au267226"
    "snbr"<blob>=0x3F830DCC8E55178F41951E7AA14C2ECD  "?203�15314216U�27217A225�36z241L.315"
    "subj"<blob>=0x304031133011060A0992268993F22C6401191603434F4D31163014060A0992268993F22C64011916064953443732303111300F060355040313084953443732304341  "0@1�230�21�06�12�11222&211223362,d�01�31�26�03COM1�260�24�06�12�11222&211223362,d�01�31�26�06ISD7201�210�17�06�03U�04�03�23�10ISD720CA"

All I want the EXTA to say is if alis = "ISD720CA" then TRUE else FALSE

Any help is greatly appreciated.

Thanks

2 REPLIES 2

thoule
Valued Contributor II
1) #!/bin/sh
2) certExists=`security find-cert -c ISD720CA 2>/dev/null`
3) if [ -z $certExists ]; then
4)     echo "<result>No Cert</result>"
5) else
6)     echo "<result>ISD720CA is Installed</result>"
7) fi

1- Dear computer, this is a shell script. Execute it with sh
2- Dump security command output into 'certExists' variable. "2>/dev/null" means suppress error messages
3- If certExists is null (variable is empty)
4- Echo No Cert in result tags - that's what Extension attributes look for
5-7- Else echo "is installed" and close the if statement.

ChrisLeeSSD
New Contributor II

thoule,

Awesome thanks alot.