Posted on 10-09-2013 05:35 AM
Hey all,
So since a few weeks ago we have been trying to implement a solution to having our content filter work with encrypted searches from Google. We have a SonicWall and the recommendation is to turn on DPI-SSL or deep packet inspection. To do this though I have to push a certificate to all machines to allow the SonicWall as a trusted source. I have been working with the importCACert.sh file from here and can't seem to get it to work.
BTW I'm not the best at scripting and I'm sure I just left something out so any help would be great!
No matter what I try I'm still getting the Error as follows "No value was specified for the caCertLocation variable or the file does not exist. Please specify a value for the variable or ensure that you are running this script after installing the certificate."
I have already placed the .cer file into a folder I created in the directory /Library/Application Support/JAMF/Certs
but continue to get the same error.
My variables look like this:
# HARDCODED VALUES ARE SET HERE
caCertLocation="/Library/Application Support/JAMF/Certs/SonicWall_DPI-SSL_CA.cer" #Example: "/Library/Application Support/JAMF/CompanyCA.pem"
# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "caCertLocation"
if [ "$4" != "" ] && [ "$caCertLocation" == "" ]; then
    caCertLocation="$4"
fi
Any ideas?
Gabe Shackney
Princeton Public Schools
Posted on 10-10-2013 08:15 AM
I've only played with bash scripting a couple of times, but let's see if I can help.
Figure out where it is breaking down by echoing out the variables and then run from the command prompt.
echo "$4"
echo "$caCertLocation"
Posted on 10-10-2013 04:04 PM
that import CAcert script is crazy, I never use it.
All you need is a pkg that drops the certificates on the hard drive, then in your postflight script, run this command if it's a root cert
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/the/cert/file
if it's an intermediate cert, use this command to install it to your keychain
security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /path/to/the/cert/file
make sure to scroll to see the entire command! they're both cut off on the right.
Posted on 10-10-2013 11:06 PM
Why not via a config profile?
Posted on 10-10-2013 11:40 PM
+1 for config profile :)
Posted on 10-11-2013 09:55 AM
yeah, nothing wrong with a config profile. I made my certificate package before profiles were a thing . . . . If I was doing it now, I'd probably use a profile, too, so ignore me and use a profile! :)
Posted on 10-11-2013 11:42 AM
Used that script too on 10.6. But when 10.7 came around moved to config profiles.
Especially handy as our internal CA Cert expires annually. :(