Question

Script Pushing a certificate and dealing with Google's change to encrypted searches...

  • October 9, 2013
  • 6 replies
  • 33 views


Hey all,
So since a few weeks ago we have been trying to implement a solution to having our content filter work with encrypted searches from Google. We have a SonicWall and the recommendation is to turn on DPI-SSL or deep packet inspection. To do this though I have to push a certificate to all machines to allow the SonicWall as a trusted source. I have been working with the importCACert.sh file from here and can't seem to get it to work.

BTW I'm not the best at scripting and I'm sure I just left something out so any help would be great!

No matter what I try I'm still getting the Error as follows "No value was specified for the caCertLocation variable or the file does not exist. Please specify a value for the variable or ensure that you are running this script after installing the certificate."

I have already placed the .cer file into a folder I created in the directory /Library/Application Support/JAMF/Certs
but continue to get the same error.

My variables look like this:

# HARDCODED VALUES ARE SET HERE
caCertLocation="/Library/Application Support/JAMF/Certs/SonicWall_DPI-SSL_CA.cer" #Example: "/Library/Application Support/JAMF/CompanyCA.pem"

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "caCertLocation"
if [ "$4" != "" ] && [ "$caCertLocation" == "" ];then
    caCertLocation=$4
fi

Any ideas?
Gabe Shackney
Princeton Public Schools

6 replies

cdenesha
  • Honored Contributor
  • October 10, 2013

I've only played with bash scripting a couple of times, but let's see if I can help.

Figure out where it is breaking down by echoing out the variables and then run from the command prompt.

echo $4
echo $caCertLocation


  • Contributor
  • October 10, 2013

that import CAcert script is crazy, I never use it.

All you need is a pkg that drops the certificates on the hard drive, then in your postflight script, run this command if it's a root cert

security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/the/cert/file

if it's an intermediate cert, use this command to install it to your keychain

security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /path/to/the/cert/file

make sure to scroll to see the entire command! they're both cut off on the right.


bentoms
  • Hall of Fame
  • October 11, 2013

Why not via a config profile?


  • Honored Contributor
  • October 11, 2013

+1 for config profile :)


  • Contributor
  • October 11, 2013

yeah, nothing wrong with a config profile. I made my certificate package before profiles were a thing . . . . If I was doing it now, I'd probably use a profile, too, so ignore me and use a profile! :)


bentoms
  • Hall of Fame
  • October 11, 2013

Used that script too on 10.6. But when 10.7 came around moved to config profiles.

Especially handy as our internal CA Cert expires annually. :(