That part was to remove the Cert from the temp location. No it is actually a cert for our new firewall.

@dpalmer_autoever As @alexjdale mentioned, you need to use trustAsRoot for non-root certs.

Here's what we're using:

function trustRootCert(){
    certName="$1"
    if [ -f /var/tmp/"${certName}" ]; then
        /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /var/tmp/"${certName}"
        echo "* Installed ${certName}"
    else
        echo "* Error: ${certName} not found in: /var/tmp/"
    fi

    /bin/sleep 1

}


function trustCertAsRoot(){
    certName="$1"
    if [ -f /var/tmp/"${certName}" ]; then
        /usr/bin/security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /var/tmp/"${certName}"
        echo "* Installed ${certName}"
    else
        echo "* Error: ${certName} not found in: /var/tmp/"
    fi

    /bin/sleep 1

}


trustRootCert "rootCert1.cer"

trustCertAsRoot "nonRootCert1.cer"

Thanks, I will try your script and cross my fingers it works. I appreciate the input.

@dan.snelson I tried running the script you use but still coming up with the same result. The certificate isn't going into the keychain until I search for it via Spotlight, I click on the cert and that is when it goes into the keychain as untrusted. I really would hate to have to touch 300+ systems to install this cert. Any other ideas I could try?

Here is the log I get now:

IWA0063256 (682)

Sending Wake On LAN command...
Opening SSH Connection to xx.xxx.xx.xx...
Authenticating...
Successfully authenticated.
Verifying Computer's Identity...
The MAC Address has been verified.
Checking Operating System Version...
Running Mac OS X 10.12.3 (16D32)
Verifying /usr/local/jamf/bin/jamf...
/usr/local/bin/jamf is (9.97.1488392992) not the current version (9.97.1482356336).
Verifying /usr/sbin/jamf...
/usr/sbin/jamf does not exist.
Downloading /usr/local/jamf/bin/jamf from JSS...
Moving jamf binary to /usr/local/jamf/bin/jamf...
Created the jamf binary directory /usr/local/jamf/bin.
Moving jamf binary to /usr/local/jamf/bin/jamf...
Moved the JAMF CLI Binary to /usr/local/jamf/bin/jamf.
Creating symlink /usr/local/bin/jamf...
Enabling /usr/local/jamf/bin/jamf...
Enabled the JAMF CLI Binary.
Verifying /Library/Preferences/com.jamfsoftware.jamf.plist...
Preparing Policy...
Not upgrading jamf binary. do_not_upgrade_jamf is set to true in /Library/Preferences/com.jamfsoftware.jamf.plist
Executing Policy 2017-03-07 at 6:35 PM | dpalmer | 2 Computers
Mounting Casper Share
Verifying package integrity...
Copying CertName.cer.pkg...
Installing CertName.cer.pkg...
Successfully installed CertName.cer.pkg.
Running script Trusted Cert-...
Script exit code: 0
Script result: Error: CertName.cer not found in: /private/tmp/
Error: CertName.cer not found in: /private/tmp/
Unmounting file server...
Submitting log to https://xxx12345.jamfcloud.com/
Finished.

@dpalmer_autoever Where are the certificates being installed by CertName.cer.pkg?

Installing CertName.cer.pkg... Successfully installed CertName.cer.pkg. Running script Trusted Cert-... Script exit code: 0 Script result: Error: CertName.cer not found in: /private/tmp/ Error: CertName.cer not found in: /private/tmp/

The cert is installed in /private/tmp and the script is to delete it after installing.

@dan.snelson here is your script modified for my cert:

function trustRootCert(){ certName="$ ForcepointCloudCA.cer" if [ -f /private/tmp/"$ ForcepointCloudCA.cer" ]; then /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/tmp/"$ ForcepointCloudCA.cer " echo " Installed $ ForcepointCloudCA.cer " else echo " Error: $ ForcepointCloudCA.cer not found in: /private/tmp/" fi

/bin/sleep 1

}
function trustCertAsRoot(){ certName="$ ForcepointCloudCA.cer" if [ -f /private/tmp/"$ ForcepointCloudCA.cer" ]; then /usr/bin/security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /private/tmp/"$ ForcepointCloudCA.cer" echo " Installed $ ForcepointCloudCA.cer" else echo " Error: $ ForcepointCloudCA.cer not found in: /private/tmp/" fi

/bin/sleep 1

}
trustRootCert " ForcepointCloudCA.cer"
trustCertAsRoot " ForcepointCloudCA.cer"

@dan.snelson Here is my original script - They both will install the cert but just will not make it Trusted or put it in the keychain. I have to search for it click on it then it will show up in the Keychain.

!/bin/sh

postflight

Not supported for flat packages.

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

security add-trusted-cert -d -r trustAsRoot -k "/Library/Keychains/System.keychain" "/private/tmp/ForcepointCloudCA.cer" srm "/private/tmp/ForcepointCloudCA.cer"

rm -rf "/private/tmp/"

exit 0 ## Success
exit 1 ## Failure

@dpalmer_autoever After installing CertName.cer.pkg on a test machine, what result do you get if you execute the following command in Terminal?

/usr/bin/security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /private/tmp/ForcepointCloudCA.cer

I get the following error:
/usr/bin/security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain /private/tmp/ForcepointCloudCA.cer
*Error reading file /private/tmp/ForcepointCloudCA.cer
Error reading file /private/tmp/ForcepointCloudCA.cer

As I see it is not finding the file where it should be.

Thanks for taking the time to assist, it is appreciated!