macOS Self-Service Support

Anthony - Versasec Support

Introduction

From version 6.0 it is possible to perform self-service operations from macOS platforms using vSEC:CMS User Self-Service (USS).

The self-service operations that can be performed and the limitations are listed below:

  • Currently, PIV-only tokens and Thales eTokens 5100 and 5110 are supported
  • Change PIN
  • Offline PIN unblock using challenge/response
  • Online PIN unblock
  • View installed certificates on token
  • Reissue certificates on the token
  • Only English language supported
  • No PIN policy details are displayed when performing PIN operations.

Important: Only gRPC communication is possible when connecting to the server side of vSEC:CMS. See here for details on how gRPC can be configured.

Important: macOS Sonoma 14.4.14, Big Sur 11 and Catalina 10.15 have been validated, on both M-series and Intel-based chips.

Configuration

The only configuration required is to connect the USS to the server-side component when performing operations with managed credentials. You configure the connection with a configuration file, which on macOS is usually a .plist file. This file needs to be located at ~/Library/Preferences/com.versasec.config.plist.

You can set this file using the following command:

defaults write ~/Library/Preferences/com.versasec.config "gRPCServerUrl" 'http://gRPCUrl:Port'

Where gRPCUrl is the hostname of the server where vSEC:CMS is installed and Port is the port number that the gRPC service is listening on.

If you set the scheme to HTTPS, then you also need to set a second value:

defaults write ~/Library/Preferences/com.versasec.config "Certificate" 'your_root_certificate_label_name'

Where your_root_certificate_label_name is the name of the issuer certificate of the server certificate which is selected in vSEC:CMS. This certificate has to be installed in the keychain of your system and must be trusted.
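
The following audit script is an added example, not part of the original article or of vSEC:CMS. It reads back the two keys written above and reports whether the USS connection uses HTTPS with an issuer certificate configured. The verdict words, the function names and the use of security find-certificate to look the label up by common name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the USS connection settings written with `defaults write`.
# PLIST is the preferences path from the article (defaults takes it without .plist).
PLIST="$HOME/Library/Preferences/com.versasec.config"

# classify_uss_config URL CERT_LABEL
# Prints one verdict word (names are this example's own):
#   ok                   https:// URL and a Certificate value are both set
#   missing-certificate  https:// URL but no Certificate value
#   cleartext            http:// URL, so the gRPC channel is not protected by TLS
#   unset                no gRPCServerUrl configured
#   invalid-scheme       anything else
classify_uss_config() {
  url=$1; cert=$2
  case "$url" in
    https://?*)
      if [ -n "$cert" ]; then echo ok; else echo missing-certificate; fi ;;
    http://?*) echo cleartext ;;
    "") echo unset ;;
    *) echo invalid-scheme ;;
  esac
}

# audit_uss_config: read the live settings and check them (macOS only).
audit_uss_config() {
  url=$(defaults read "$PLIST" gRPCServerUrl 2>/dev/null)
  cert=$(defaults read "$PLIST" Certificate 2>/dev/null)
  verdict=$(classify_uss_config "$url" "$cert")
  echo "gRPCServerUrl=${url:-<unset>} Certificate=${cert:-<unset>} -> $verdict"
  [ "$verdict" = ok ] || return 1
  # Assumption: the configured label matches the certificate's common name.
  # This confirms presence in a searched keychain only, not the trust setting.
  security find-certificate -c "$cert" >/dev/null 2>&1 || {
    echo "issuer certificate '$cert' not found in any searched keychain" >&2
    return 1
  }
}

# Run the audit only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
  audit_uss_config || echo "USS configuration needs attention" >&2
fi
```

A non-ok verdict on a managed Mac means PIN and certificate operations would run against the server without the HTTPS settings described above.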

Important: Logs are enabled by default and can be found in this folder: Users\"username"\versasec\DotNetWrapper