Keychain - Machine Certificate - Access Control

Participant II
Posts: 9
Registered: ‎12-12-2016
#1 of 6 2,862

Keychain - Machine Certificate - Access Control

Hi,

 

We'd like our machine certificates to have Access Control in Keychain set to "Allow all applications to access this item" on the Imported Private Key.  We set this before we deploy a machine but I've seen sporadic instances where the setting gets changed to prompt the user for access which they can't approve because they don't have admin rights.  Our VPN needs the machine cert for sign-in.

 

Any ideas on how to set the Access Control setting via policy?  Or maybe grant a user the right to elevate only in Keychain or that part of Keychain?

 

Thanks,

Centrify Advisor III
Posts: 78
Registered: ‎09-08-2015
#2 of 6 2,819

Re: Keychain - Machine Certificate - Access Control

Hello @buckybadger and welcome to the Centrify Community. 

 

It appears that there is an open investigation to add this functionality to the product line. Please see the post in our Idea Exchange here

 

If this was working as is, it would be helpful to open a case with our Support team in order to investigate further.

 

Thank you!

 

Have a great day!!

 

Ryan V. 

Participant II
Posts: 9
Registered: ‎12-12-2016
#3 of 6 2,817

Re: Keychain - Machine Certificate - Access Control

Thanks but it says I don't have access to post where you suggested I post.

Participant II
Posts: 9
Registered: ‎12-12-2016
#4 of 6 2,624

Re: Keychain - Machine Certificate - Access Control

Hi - still looking for a way to manipulate this.  Anyone?

Centrify Advisor IV
Posts: 81
Registered: ‎02-18-2015
#5 of 6 2,610

Re: Keychain - Machine Certificate - Access Control

Hi buckybadger,

 

It is not a feature yet, and we are still investigating adding it in the future. Sorry for the inconvenience caused.

 

Best Regards,

Albert

Participant II
Posts: 3
Registered: ‎08-07-2016
#6 of 6 857

Re: Keychain - Machine Certificate - Access Control

Hi,

 

Just checking back in on this.  We still have the issue where we're auto enrolling our Mac devices with machine certificates but our VPN cannot access the private key of the new certificate in Keychain without manually granting the access using an administrator account.  It's been two years so maybe there's a way to do it now?  :)