So since a few weeks ago we have been trying to implement a solution to having our content filter work with encrypted searches from Google. We have a SonicWall and the recommendation is to turn on DPI-SSL or deep packet inspection. To do this, though, I have to push a certificate to all machines to allow the SonicWall as a trusted source. I have been working with the importCACert.sh file from here and can't seem to get it to work.
BTW I'm not the best at scripting and I'm sure I just left something out so any help would be great!
No matter what I try I'm still getting the Error as follows "No value was specified for the caCertLocation variable or the file does not exist. Please specify a value for the variable or ensure that you are running this script after installing the certificate."
I have already placed the .cer file into a folder I created in the directory /Library/Application Support/JAMF/Certs
but continue to get the same error.
My variables look like this:
# HARDCODED VALUES ARE SET HERE
caCertLocation="/Library/Application Support/JAMF/Certs/SonicWall_DPI-SSL_CA.cer" #Example: "/Library/Application Support/JAMF/CompanyCA.pem"

# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "caCertLocation"
if [ "$4" != "" ] && [ "$caCertLocation" == "" ];then
    caCertLocation=$4
fi
Princeton Public Schools
I've only played with bash scripting a couple of times, but let's see if I can help.
Figure out where it is breaking down by echoing out the variables and then run from the command prompt.
That import CAcert script is crazy, I never use it.
All you need is a pkg that drops the certificates on the hard drive, then in your postflight script, run this command if it's a root cert:
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/the/cert/file
If it's an intermediate cert, use this command to install it to your keychain:
security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /path/to/the/cert/file
Make sure to scroll to see the entire command! They're both cut off on the right.
Yeah, nothing wrong with a config profile. I made my certificate package before profiles were a thing . . . . If I was doing it now, I'd probably use a profile, too, so ignore me and use a profile! :)