Help

Trust Certificates

Not applicable

Posted on ‎09-22-2009 09:39 AM

Does anyone know if there a way to push browser trust certificates and make
them machine-wide?

Julius Wilpon
Director, Technology Support
Pearson | Architecture, Engineering & Support
1 Lake Street
Upper Saddle River, NJ 07458
201-236-7817 Office
201-574-6930 Cell
201-676-0872 Google Voice
Julius.wilpon at pearson.com
P Pearson is Green. Please consider the environment before printing this
e-mail.

0 Kudos
4 REPLIES 4

jarednichols
Honored Contributor

Posted on ‎09-22-2009 10:02 AM

You can deliver the actual certificate to a location on the machine (I use /Library/Application Support/<<org name>>) and then use a postflight script that calls the security command to add it to various keychains.

j
---
Jared F. Nichols
Desktop Engineer, Infrastructure & Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos

ernstcs
Contributor III

Posted on ‎09-22-2009 10:51 AM

We have a package that puts the file on the system when it images, then this script runs At Reboot to install it.

Craig E

0 Kudos

ernstcs
Contributor III

Posted on ‎09-22-2009 10:54 AM

My bad for sending the file...Entourage might block it. =)

#!/bin/sh

######################################################
## This script will install the UWEC Root Certificate At Reboot
## The certificate is located in /Library/UWEC on the local hard drive
## Created by ERNSTCS on Monday, May 26th, 2009
######################################################

## Run the security command to install the certificate for system keychain as root
/usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/Library/UWEC/certnew.cer"

0 Kudos

abenedict
New Contributor II

Posted on ‎09-23-2009 01:03 PM

I ran this as a reboot script while imaging and it worked, except when I add
a network account it kills the trust setting. I deleted everything out of
the system keychain, ran the script as a policy at startup, and I can get it
to add the cert but not trust it. Any ideas?

--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com

0 Kudos