Script help?

jwojda
Valued Contributor II

So we have had an issue with our M$ Messenger and finally got a fix for
it today. The downside is that it requires a bit of terminal
interaction. What would be the best way to go through this as we have
to deploy to about 500 machines...

* Save attached file without the .TXT extension.

* Open Keychain Access from Applications/Utilities.

* Go to File->Add Keychain.

* At this point you are in ~/Library/Keychains. Browse to
/System/Library/Keychains and add X509Anchors.

* Right-click the newly added keychain and unlock it.

* Open Terminal from Applications/Utilities.

* sudo chmod -R 777 /System/Library/Keychains

* Double-click the certificate and add it to the X509Anchors
keychain.

* Go back to your terminal window. If you closed it, just open
another.

* sudo chmod 755 /System/Library/Keychains (no -R this time as
the files inside have different permissions)

* sudo chmod 644 /System/Library/Keychains/*

* Close Terminal and Keychain Access.

John Wojda

Lead System Engineer, DEI & Mobility

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead DEI: Matt Beiriger

Team Lead Mobility: Chris Sta Ana

Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>

"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"

6 REPLIES

rockpapergoat
Contributor III

you shouldn't change the keychain's mode to 777, but you should use /usr/bin/security to add your certificate.

see this for example syntax for adding a properly formatted cert to the system keychain.

https://github.com/tspgit/luggage/blob/master/802.1x_profile_10.5/postflight

rmanly
Contributor III

I deployed our cert to the root level via policy and then ran the following
to add it to the Keychain in an After script.

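#!/bin/sh

# Trust the staged certificate in the X509Anchors keychain (-d: admin cert store)
security add-trusted-cert -d -k "/System/Library/Keychains/X509Anchors" /certnew.cer

# Remove the staged copy
rm /certnew.cer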

Ryan M. Manly
Glenbrook High Schools

jarednichols
Honored Contributor

x509 anchors is deprecated. Use System if possible.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

jwojda
Valued Contributor II

We tried system, couldn't get it to run.

jarednichols
Honored Contributor

Let's just say you should get that sorted if you've got plans for Lion. :)


rmanly
Contributor III

It was hard coded to look in X509Anchors.

I don't know if this has changed at all in Messenger/Communicator updates. I
know that it did not work with System when I was doing this a year or so
ago.

Luckily I don't have to deal with it now as the administration has decided
they do not want the legal ramifications of logging IM sessions etc.

Ryan M. Manly
Glenbrook High Schools