PDA

View Full Version : Automating Installing Certificates




IntrinsicMac
Jul 17, 2009, 07:56 AM
Hi,

I am trying to figure out how to automate the following steps to install some certficates so the members of a medical school class can access a resource on their Mac without getting bogged down in the instructions. (aka for clueless people who so far cant figure out how to follow these instructions)

I was using the package manager to move the files to the right location, but am clueless on how to automate the actual certif install.

thanks!

2. Prepare Keychain

Launch the Keychain Access application via Applications\Utilities or Spotlight

From the File menu, choose "Add Keychain"

Navigate to /system/library/keychains and select "X509Anchors"

Enter your password as required.
[edit] 4. Install the Certificates

From the "cacerts" folder, double click each file.

It will bring up an "Add Certificates" confirmation - change the Keychain to "X509Anchors" and then select OK.

Repeat this process for the 3 remaining files.

You may close the finder window.
[edit] 5. Trust the Certificates

In your Keychain Access application, go to the X509Anchors keychain.

Find the four entries that start with "Starfield..."

Double click each one and click the arrow next to the word Trust in the pop up window.

Change the "When using this certificate:" dropdown to "Always Trust" and then close the pop up. You will be prompted to enter your password.

Repeat for the remaining three entries.



gnasher729
Jul 17, 2009, 09:14 AM
Hi,

I am trying to figure out how to automate the following steps to install some certficates so the members of a medical school class can access a resource on their Mac without getting bogged down in the instructions. (aka for clueless people who so far cant figure out how to follow these instructions)

I was using the package manager to move the files to the right location, but am clueless on how to automate the actual certif install.

Sorry, but that is exactly the stuff that should never, ever be automated. You are trying to install root certificates. These root certificates determine what web sites will be trusted when using https. That is about the most dangerous thing to install.

edesignuk
Jul 17, 2009, 09:18 AM
Sorry, but that is exactly the stuff that should never, ever be automated. You are trying to install root certificates. These root certificates determine what web sites will be trusted when using https. That is about the most dangerous thing to install.I know what you're saying, but there should be a way of deploying root certs without the need for manual intervention on workstations. Root certs can be deployed to clients with Group Policy in the Windows world for example. It would be a nightmare doing each one individually.

Cromulent
Jul 17, 2009, 09:57 AM
You might be able to do something similar using the UNIX equivalent tools such as Kerberous although I am by no means an expert on the subject. Maybe LDAP even? Although from recollection that is more a directory service than anything else.