VMware Workspace ONE Community
shabsn
Enthusiast

Adding a self-signed certificate (.crt) to keychain on macOS clients

Hello,

I have already been looking for a solution but couldn't figure it out. Is there an easy way to deploy/store a .crt to keychain.app (System-Roots) on macOS?

Thanks for your time!

Daniel

3 Replies
shabsn
Enthusiast

Okay, I managed to deploy the cert + a script via:

General.png

Files.png

Manifest.png

I added this to a product and the 2 files are getting deployed. But the script fails to execute....

2020-05-27T16:33:40+0200 INF Action Type - Execute Script: /private/tmp/script.sh, isLocalScript: 1 executeAsRoot: 1

2020-05-27T16:33:40+0200 ERR Script execution failed in root context. Error: /private/tmp/script.sh: /private/tmp/script.sh: cannot execute binary file

I want to do this by the script:

sudo security add-trusted-cert -r trustRoot -k "/Library/Keychains/System.keychain" "/private/tmp/myCA.crt"

Can anybody tell me what the script needs to look like to be successfully executed?

rterakedis
VMware Employee

shabsn -- have you tried uploading the certificate in a macOS device profile? You should be able to upload a certificate there and have it placed into the System keychain.

pastedImage_0.png

When creating macOS profiles, "User" profiles affect the login keychain while "Device" profiles affect the System keychain.

shabsn
Enthusiast

Yes, but it's only adding a "Certificate Setting" to the keychain. Not the certificate itself.
