Creating certificates for your shell scripts for macOS

This section includes the following main steps:

  1. Creating a certificate authority for your macOS scripts
  2. Creating a script signing identity for your macOS scripts
  3. Exporting the CA public key certificate for your macOS scripts

Creating a certificate authority for your macOS scripts

Create a certificate authority for signing your macOS scripts. You can optionally use the certificate authority you create as your default.

Procedure 

  1. On a macOS device, run the Keychain Access utility.
  2. From the Keychain Access menu, choose Certificate Assistant > Create a Certificate Authority.
  3. Enter a name for the certificate authority, noting it for later use.
  4. For the user certificate type, select Code Signing.
  5. Enter your email address.
  6. In Keychain Access, select My Certificates to view the certificate authority.

Creating a certificate authority using Keychain Access

Creating a script signing identity for your macOS scripts

Create a signing identity certificate so that you can sign your scripts.

Before you begin 

Creating a certificate authority for your macOS scripts

Procedure 

  1. On a macOS device, run the Keychain Access utility.
  2. From the Keychain Access menu, choose Certificate Assistant > Create a Certificate.
  3. Enter a name for the signing identity, noting it for later use.
  4. For the identity type, select Leaf.
  5. For the certificate type, select Code Signing.
  6. Create the leaf.
  7. Choose an issuer. Select the certificate authority you created.
  8. Create the certificate.
  9. In Keychain Access, select My Certificates to view the signing identity you created.

Code Signing Tasks on the Apple Developer website

Exporting the CA public key certificate for your macOS scripts

You must now export the certificate authority you created and upload it to Ivanti EPMM.

Before you begin 

Creating a script signing identity for your macOS scripts

Procedure 

  1. On a macOS device, run the Keychain Access utility.
  2. Select Certificates in the left pane.
  3. Select the certificate of the certificate authority you created in Creating a certificate authority for your macOS scripts.
  4. Select File > Export Items.
  5. For File Format, select Certificate (.cer).
  6. Select Save.

    Note where you saved the .cer file.

  7. Open the Terminal application.
  8. Navigate to the directory where you exported the certificate.
  9. Execute the following openssl command to convert the .cer file to a .pem file. (In this example, the certificate was saved in Certificate.cer.)

    openssl x509 -inform der -in Certificate.cer -out root.pem

You will later upload this .pem file to Ivanti EPMM.
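
A check to run before uploading, as an added example that is not part of the original documentation: it performs the conversion above, then confirms that root.pem contains no private key, has the same SHA-256 fingerprint as Certificate.cer, and is marked as a CA certificate. The function names, return codes and the throwaway sample certificate are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the exported CA certificate and verify the result
# before upload. File names follow the page; function names are hypothetical.

# Build a throwaway self-signed certificate in DER form. CONSTRUCTED sample
# standing in for the Keychain Access export; $2 is TRUE (CA) or FALSE (leaf).
make_sample_cer() {
    cat > "$1/sample.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Sample Script CA
[ext]
basicConstraints = critical,CA:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/sample.cnf" \
        -keyout "$1/sample.key" -outform der -out "$1/Certificate.cer" 2>/dev/null
}

fingerprint() {  # $1 = der|pem, $2 = file; prints the SHA-256 fingerprint
    openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256
}

# Convert $1 (.cer, DER) to $2 (.pem) and verify it. Returns 0 when the PEM is
# ready to upload, 1 if conversion failed, 2 if a private key is present,
# 3 on fingerprint mismatch, 4 if the certificate is not a CA.
convert_and_check() {
    openssl x509 -inform der -in "$1" -out "$2" 2>/dev/null || return 1
    # The upload must carry the public certificate only.
    if grep -q 'PRIVATE KEY' "$2"; then return 2; fi
    # Same certificate before and after conversion.
    [ "$(fingerprint der "$1")" = "$(fingerprint pem "$2")" ] || return 3
    # Script signatures chain to this certificate, so it must be a CA.
    openssl x509 -in "$2" -noout -text | grep -q 'CA:TRUE' || return 4
    return 0
}

# When the page's exported file is in the current directory, check it.
if [ -f Certificate.cer ]; then
    convert_and_check Certificate.cer root.pem && echo "root.pem verified"
fi
```

A return code of 4 usually means the signing identity (leaf) was exported instead of the certificate authority.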