Posted on 09-22-2009 09:39 AM
Does anyone know if there a way to push browser trust certificates and make
them machine-wide?
Julius Wilpon
Director, Technology Support
Pearson | Architecture, Engineering & Support
1 Lake Street
Upper Saddle River, NJ 07458
201-236-7817 Office
201-574-6930 Cell
201-676-0872 Google Voice
Julius.wilpon at pearson.com
P Pearson is Green. Please consider the environment before printing this
e-mail.
Posted on 09-22-2009 10:02 AM
You can deliver the actual certificate to a location on the machine (I use /Library/Application Support/<<org name>>) and then use a postflight script that calls the security command to add it to various keychains.
j
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 09-22-2009 10:51 AM
We have a package that puts the file on the system when it images, then this script runs At Reboot to install it.
Craig E
Posted on 09-22-2009 10:54 AM
My bad for sending the file...Entourage might block it. =)
#!/bin/sh
######################################################
## This script will install the UWEC Root Certificate At Reboot
## The certificate is located in /Library/UWEC on the local hard drive
## Created by ERNSTCS on Monday, May 26th, 2009
######################################################
## Run the security command to install the certificate for system keychain as root
/usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/Library/UWEC/certnew.cer"
Posted on 09-23-2009 01:03 PM
I ran this as a reboot script while imaging and it worked, except when I add
a network account it kills the trust setting. I deleted everything out of
the system keychain, ran the script as a policy at startup, and I can get it
to add the cert but not trust it. Any ideas?
--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com