Category filter
Script to distribute certificate on macOS devices
Security certificates installed on the devices enable access to websites and other resources. Importing the certificates with the Terminal commands is an easy method to deploy certificates obtained from a Trusted Certificate Authority (CA). With Hexnode, you can remotely add the certificates hosted on your organization network to the macOS devices using the Execute Custom Script action.
Disclaimer:
The Sample Scripts provided below are adapted from third-party Open-Source sites.
Add certificate to the System Keychain
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
curl –O Provide the URL and the certificate_name to download the certificate here sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Users/certificate_name /usr/bin/security authorizationdb write system.preferences <<EndOfPlist <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>allow-root</key> <true/> <key>authenticate-user</key> <true/> <key>class</key> <string>user</string> <key>comment</key> <string>Checked by the Admin framework when making changes to certain System Preferences.</string> <key>group</key> <string>techs</string> <key>session-owner</key> <false/> <key>shared</key> <true/> </dict> </plist> EndOfPlist |
Notes:
- After the download, the user must change the certificate trust policy from the Keychain Access to establish trust and determine if the certificate is valid for specific uses.
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
Need more help?
