Guys, we have installed a 3rd-party Root CA and Enterprise CA cert in the keychain via Intune MDM and those are showing as non-trusted. Now I would like to know how to make those certs trusted using a shell script. Kindly help. Thanks.
The command to do this on older versions of macOS is below. However, Apple removed the ability to force-trust a certificate from the CLI a few years ago; that would be the -k argument. To install a certificate and force-trust it you need to deploy it with a configuration profile. Any other method will prompt a user for credentials.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <certificate>
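Added example, not part of the thread and not any poster's script: the reply above says a certificate has to arrive in a configuration profile to be trusted without a prompt, so this sketch wraps a PEM root CA in a profile with a `com.apple.security.root` payload for upload to the MDM. The `com.example.*` identifiers and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build a .mobileconfig carrying one root CA certificate.
# Identifiers under com.example are placeholders; replace with your own.

new_uuid() {
    # uuidgen ships with macOS; fall back to the Linux kernel source if absent.
    if command -v uuidgen >/dev/null 2>&1; then uuidgen
    else cat /proc/sys/kernel/random/uuid; fi
}

make_root_ca_profile() {
    pem_file=$1; display_name=$2
    [ -r "$pem_file" ] || { echo "cannot read $pem_file" >&2; return 1; }
    # Keep only the base64 body (DER) of the first certificate in the file.
    b64=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$pem_file" \
          | sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----' | tr -d ' \r\n')
    [ -n "$b64" ] || { echo "no PEM certificate in $pem_file" >&2; return 1; }
    # Escape XML metacharacters in the human-readable name.
    name=$(printf '%s' "$display_name" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')
    # An intermediate CA would use payload type com.apple.security.pkcs1 instead.
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.rootca.cert</string>
      <key>PayloadUUID</key><string>$(new_uuid)</string>
      <key>PayloadDisplayName</key><string>$name</string>
      <key>PayloadContent</key><data>$b64</data>
    </dict>
  </array>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.rootca</string>
  <key>PayloadUUID</key><string>$(new_uuid)</string>
  <key>PayloadDisplayName</key><string>$name</string>
  <key>PayloadScope</key><string>System</string>
</dict>
</plist>
EOF
}
```

Usage: `make_root_ca_profile rootca.pem "Corp Root CA" > rootca.mobileconfig`, then upload the file as a custom profile in the MDM.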
Guys, I implemented this 'trustRoot' script in Intune for macOS to make the certificate trusted by itself, but it's not working. The certificate is still showing as 'This root certificate is not trusted'. Kindly advise.
In general your statement is correct, but in this case the certificate is deployed by Microsoft Azure due to enrollment with the Company Portal app.
Also there is no certificate chain currently available from Microsoft to be deployed within a configuration profile.
I will try to anonymize the script we currently use, and which scope is set and how, within the next few days.
But for now I can share this much:
When a Mac is registered with Company Portal, we use an EA to validate the information stored in the jamfaad.plist. If the information is okay, the Mac is scoped into a smart group and the policy runs once to “whitelist” the deployed certificate with a script. I will post the script separately.
Does anyone already use the new compliance connector? Do the Macs register in Intune with Jamf Connect?
@sk25 Try this:
We used a similar workaround to the one @AJPinto mentioned with the script.
This was the only solution which worked silently for us. If you find a better solution, let me know.
@eos_bebu I ran the below script manually and it worked well, so I deployed it in the MDM solution and am waiting for the status. You may check the below script from your end and let me know the status.