Packaging certificates to be pushed out with Munki (not securing repo)
treydock
interested in how it's done. I've found docs on installing
certificates from command line but it seems to never work. The
University I work for has their own certificate authority that I use
on all my web applications and would like to install it globally on
all my machines with munki. It's not with any of the generally
trusted CAs that all browsers accept, but rather something the
University requires at minimum to allow HTTPS through their firewall.
This isn't for securing the munki repo however the next step in this
process would be to use that certificate authority to sign my repo
which will require I distribute the certificate.
The certificate needs to be installed in a way that all browsers can
use it to log into my hosted services (Firefox, Safari, Chrome).
Thanks
- Trey
Hannes Juutilainen
Basically:
- Installer puts the certificate file to /private/tmp
- I use /usr/bin/security in postflight script to add the certificate to System.keychain
The command I use in postflight script is:
/usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" /private/tmp/theCert.pem
I'm not sure what else you need to do for your specific needs but the above workflow worked for me. It just basically imports the certificate to the system keychain and marks it as trusted.
--
Hannes Juutilainen
University of Jyväskylä
> --
> You received this message because you are subscribed to the Google Groups "munki-dev" group.
> To post to this group, send email to munk...@googlegroups.com.
> To unsubscribe from this group, send email to munki-dev+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/munki-dev?hl=en.
>
nate
here's a luggage makefile and example postflight from my repo.
https://github.com/tspgit/luggage/blob/master/802.1x_profile_10.5/postflight