Environment
- Cb Defense Sensor: 3.2.x.x and Higher
- Apple macOS: All Supported Versions
Objective
Locate certificate string and CA information required to Whitelist PKG installers
Resolution
Retrieve the Cert String from Investigate page
- Navigate to the Investigate page.
- Locate the PKG installer by searching for the Sha256 value of the PKG or the package name.
- Click on the PKG file name.
- The full string listed in the "Signed by" Field and the CA Field are used for PKG certificate whitelisting.
Retrieve the Cert String using the pkgutil command
- Launch Terminal (Cmd + Space and type in Terminal and Enter).
- Enter the following command, substituting the path to the installer for <installer.pkg>
pkgutil --check-signature <installer.pkg>
- The "Developer ID Installer:" value (or the first certificate in the chain) is the required certificate string.
- The values listed for the CA ((or the last certificate in the chain) is the required CA information.
Additional Notes
This information is required to configure Certificate Whitelisting for PKG installers.
Related Content