Home Forums Software InstaDMG Root Certificates?

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • December 3, 2010 at 2:47 pm #380061
    mgb123
    Participant

    I have a 2 part question.

    1) Is it possible to add a root certificate to my build?

    2) Assuming that I’m never going to let the build out of my site – is it inadvisable to do so?

    I’m about as certificate dumb as you can get – so I’m really unsure of best practices here.

    December 5, 2010 at 6:53 pm #380067
    Tim Sutton
    Participant

    It’s possible to easily script it as part of your firstboot. I copy a certificate to /usr/local/share as part of my general support package (which is common across all images), and somewhere in my common firstboot I have this:

    /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /usr/local/share/the_certificate.cer

    I’m also fairly clueless about certificates, but this has been what’s worked for me. I suppose it would be possible to have a postflight script that would run this command with the keychain path prepended with $3 so that it will point to the target volume in the InstaDMG build. Never tried that however.

    December 16, 2010 at 5:57 pm #380163
    mgb123
    Participant

    This functions perfectly!

    I have a pkg that puts the cert down, and then the 1st boot script installs it and deletes it from the temp location.

    Perfect!

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.