Help

Script assistance: set identity preference

sonic
New Contributor

Posted on ‎11-15-2023 02:24 AM


Hey everyone,
I want to setup auto-selection for a client certificate in Safari.
I already figured out how do auto-select in chrome and firefox but from my research, seems like there isn't a simliar, easy, native way in Safari.
I saw that setting an identity preference between my client cert from keychain to a url/dns/service is possible.
Basicly my goal is for safari to select automatily the ame client cert for all of it's traffic.
The best solution I found was using TLD's: "*.com", "*.net" but it requires quite a a lot of objects and inefficient.
I have tried the following but all of them didn't work:

 

security set-identity-preference -c <CN name> -s "*"
security set-identity-preference -c <CN name> -s  "*.*"
security set-identity-preference -c <CN name> -s  "https://*"
security set-identity-preference -c <CN name> -s  "https://*/"
security set-identity-preference -c <CN name> -s  "https://*/*"

 


P.S: I know it isn't very secure but i still want to find a way how it can be done.

Labels:
0 Kudos
1 REPLY 1

cenforce
New Contributor III

Posted on ‎11-25-2023 10:07 AM

Hey @sonic ! Setting up auto-selection for a client certificate in Safari can indeed be a bit tricky. Your exploration into identity preferences is on the right track. It's a bummer that the TLD approach turned out to be inefficient.

Have you considered using the -Z option with security set-identity-preference? This might allow you to set the identity preference for the specified certificate more effectively. Also, ensure that your certificate and keychain settings are correct.

And hey, we all have our reasons for wanting things done, even if they might not be the most secure! 😄 Hopefully, someone here has cracked this particular Safari code. Good luck, and fingers crossed for a solution that fits your needs! 🤞🍀

Sincerely, admin lasix

jamf man