I want to deploy the Zscaler app using Self Service, but when a standard user wants to install it, they need to type an admin password to modify the System keychain. Do you know a way to solve this, or to add more admin privileges to this app?
Thanks for the help.
You don't want to install certificates with a script. macOS will want authentication to trust the certificate, and Apple removed the ability to bless that authentication with the CLI back in 2021, so it will prompt the user.
Since it is a keychain authentication and not an app authentication, I would start by deploying the certificate with the configuration profile. I would wager this would solve our certificate keychain auth prompt problem. It's also a lot easier to manage a certificate with a configuration profile.
You can create a package with the Zscaler root certificate and drop the package somewhere on the user's system that will be accessible by any logged-in user when the policy is executed. The certificate will be trusted automatically.
When creating the package for the Zscaler root certificate, add the following postinstall script:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>
(Filepath at the end of the command should match with the filepath where you will be placing your root certificate)
For more reference, please see another thread discussing the same topic.
-k no longer works to trust a certificate in the keychain. If you use -k, it will prompt the user to enter admin credentials to trust the certificate. This change happened with macOS Monterey. To trust a certificate, it must be deployed with a configuration profile; you cannot build from source either.
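The configuration-profile route recommended in the replies above, as an added example that is not part of the original thread and is not Zscaler's or any MDM vendor's own tooling: a Python script that wraps a root certificate (PEM or DER) in a `com.apple.security.root` payload and emits a `.mobileconfig` to upload to the MDM. The names `Example Root CA` and `com.example`, and the sample certificate bytes, are constructed placeholders.

```python
import base64
import plistlib
import uuid

# Constructed placeholder bytes standing in for a DER-encoded root certificate.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"\x00" * 16
PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"

def pem_to_der(data: bytes) -> bytes:
    """Accept PEM or DER input and return the DER bytes."""
    if PEM_BEGIN not in data:
        return data  # assume the input is already DER
    body = data.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
    return base64.b64decode(b"".join(body.split()))

def build_root_cert_profile(cert: bytes, name: str, org_id: str) -> bytes:
    """Return an XML .mobileconfig carrying one root certificate payload."""
    der = pem_to_der(cert)
    if not der or der[0] != 0x30:  # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("input is not a PEM or DER certificate")
    cert_uuid = str(uuid.uuid4()).upper()
    cert_payload = {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.rootcert.{cert_uuid}",
        "PayloadUUID": cert_uuid,
        "PayloadDisplayName": name,
        "PayloadCertificateFileName": f"{name}.cer",
        "PayloadContent": der,  # plistlib writes bytes as a <data> element
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.rootcert",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{name} trust",
        "PayloadScope": "System",
        "PayloadContent": [cert_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

if __name__ == "__main__":
    pem = PEM_BEGIN + b"\n" + base64.b64encode(SAMPLE_DER) + b"\n" + PEM_END
    print(build_root_cert_profile(pem, "Example Root CA", "com.example").decode())
```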
Does anyone know how I can suppress this popup when I'm deploying v.3.9? I've added the Config Profile with the Zscaler cert, but this "com.zscaler.Zscaler" entry is coming up and I don't know how I can deal with it.