Introduction
From version 6.0 it is possible to perform self-service operations from macOS platforms using vSEC:CMS User Self-Service (USS).
The self-service operations that can be performed and the limitations are listed below.
Supported operations:
- Change PIN
- Offline PIN unblock using challenge/response
- Online PIN unblock
- View installed certificates on token
- Reissue certificates on the token
Limitations:
- Currently, PIV-only tokens and Thales eTokens 5100 and 5110 are supported
- Only English language supported
- No PIN policy details are displayed when performing PIN operations.
Important: Only gRPC communication is possible when connecting to the server side of vSEC:CMS. See the vSEC:CMS documentation on configuring gRPC for details.
Important: macOS Big Sur (11) and Catalina (10.15) have been validated.
Configuration
The only configuration required is connecting the USS to the server-side component, which is needed when performing operations on managed credentials. The connection is configured through a configuration file; on macOS this is a .plist file, and it must be located at ~/Library/Preferences/com.versasec.config.plist
You can create this file and set the server URL with the following command:
defaults write ~/Library/Preferences/com.versasec.config "gRPCServerUrl" 'http://gRPCUrl:Port'
Where gRPCUrl is the hostname of the server where vSEC:CMS is installed and Port is the port number that the gRPC service is listening on.
If the URL uses the https scheme, you also need to set a second value:
defaults write ~/Library/Preferences/com.versasec.config "Certificate" 'your_root_certificate_label_name'
Where your_root_certificate_label_name is the label of the issuer certificate of the server certificate selected in vSEC:CMS. This certificate must be installed in the keychain of your system and must be trusted.
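As an added example that is not part of the vendor documentation, the following POSIX shell helper checks a gRPCServerUrl/Certificate pair against the rules above before applying it with defaults write. The keychain lookup uses the stock macOS security tool when it is present; the host name and certificate label used in the comments are placeholders.

```shell
#!/bin/sh
# Added example (not vendor code): validate and apply the USS gRPC settings.
# Assumes the plist keys gRPCServerUrl and Certificate described above.

PLIST="$HOME/Library/Preferences/com.versasec.config"

# validate_uss_config URL [CERT_LABEL]
# Returns 0 when the pair is consistent with the documented rules:
#   - URL must be http://host:port or https://host:port
#   - https requires a Certificate label (issuer of the server certificate)
validate_uss_config() {
  url="$1"; label="$2"
  case "$url" in
    http://*:[0-9]*|https://*:[0-9]*) ;;
    *) echo "gRPCServerUrl must be http(s)://host:port, got '$url'" >&2; return 1 ;;
  esac
  case "$url" in
    https://*)
      if [ -z "$label" ]; then
        echo "https scheme set but no Certificate label given" >&2; return 1
      fi ;;
    http://*)
      # Plain http: gRPC traffic (PIN change/unblock) is not TLS-protected.
      echo "warning: gRPCServerUrl uses plain http" >&2 ;;
  esac
  return 0
}

# cert_in_keychain LABEL -> 0 if a certificate with that label is installed
# and verifies against the system trust settings (macOS only).
cert_in_keychain() {
  command -v security >/dev/null 2>&1 || { echo "security tool not found" >&2; return 2; }
  tmp=$(mktemp) || return 2
  security find-certificate -c "$1" -p >"$tmp" 2>/dev/null &&
    security verify-cert -c "$tmp" >/dev/null 2>&1
  rc=$?; rm -f "$tmp"; return $rc
}

# write_uss_config URL [CERT_LABEL]: validate first, then apply with defaults.
write_uss_config() {
  validate_uss_config "$1" "$2" || return 1
  defaults write "$PLIST" gRPCServerUrl "$1" || return 1
  if [ -n "$2" ]; then
    cert_in_keychain "$2" || echo "warning: '$2' not found/trusted in keychain" >&2
    defaults write "$PLIST" Certificate "$2" || return 1
  fi
}
```

Run it as `write_uss_config 'https://cms.example.internal:5001' 'Example Root CA'` (placeholder values) on the Mac being configured.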
Important: Logs are enabled by default and can be found in this folder: /Users/<username>/versasec/DotNetWrapper
Comments
You may want to adjust it to check /Library/Managed\ Preferences\com.versasec.config.plist as well so that we can deploy settings via MDM like JAMF instead of needing to script it to the user level preferences folder for each user\machine.
Appreciate the feedback!
We will improve on this in a future version to include a check for this.