Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

macOS Automating Installing Certificates

I

IntrinsicMac

macrumors newbie
Original poster
Mar 12, 2007
7
0
Texas
Hi,

I am trying to figure out how to automate the following steps to install some certficates so the members of a medical school class can access a resource on their Mac without getting bogged down in the instructions. (aka for clueless people who so far cant figure out how to follow these instructions)

I was using the package manager to move the files to the right location, but am clueless on how to automate the actual certif install.

thanks!

2. Prepare Keychain

Launch the Keychain Access application via Applications\Utilities or Spotlight

From the File menu, choose "Add Keychain"

Navigate to /system/library/keychains and select "X509Anchors"

Enter your password as required.
[edit] 4. Install the Certificates

From the "cacerts" folder, double click each file.

It will bring up an "Add Certificates" confirmation - change the Keychain to "X509Anchors" and then select OK.

Repeat this process for the 3 remaining files.

You may close the finder window.
[edit] 5. Trust the Certificates

In your Keychain Access application, go to the X509Anchors keychain.

Find the four entries that start with "Starfield..."

Double click each one and click the arrow next to the word Trust in the pop up window.

Change the "When using this certificate:" dropdown to "Always Trust" and then close the pop up. You will be prompted to enter your password.

Repeat for the remaining three entries.
Click to expand...
 
gnasher729

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
IntrinsicMac said:
Hi,

I am trying to figure out how to automate the following steps to install some certficates so the members of a medical school class can access a resource on their Mac without getting bogged down in the instructions. (aka for clueless people who so far cant figure out how to follow these instructions)

I was using the package manager to move the files to the right location, but am clueless on how to automate the actual certif install.
Click to expand...

Sorry, but that is exactly the stuff that should never, ever be automated. You are trying to install root certificates. These root certificates determine what web sites will be trusted when using https. That is about the most dangerous thing to install.
 
edesignuk

edesignuk

Moderator emeritus
Mar 25, 2002
19,232
2
London, England
gnasher729 said:
Sorry, but that is exactly the stuff that should never, ever be automated. You are trying to install root certificates. These root certificates determine what web sites will be trusted when using https. That is about the most dangerous thing to install.
Click to expand...
I know what you're saying, but there should be a way of deploying root certs without the need for manual intervention on workstations. Root certs can be deployed to clients with Group Policy in the Windows world for example. It would be a nightmare doing each one individually.
 
Cromulent

Cromulent

macrumors 604
Oct 2, 2006
6,802
1,096
The Land of Hope and Glory
You might be able to do something similar using the UNIX equivalent tools such as Kerberous although I am by no means an expert on the subject. Maybe LDAP even? Although from recollection that is more a directory service than anything else.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom