Cb Defense: How to Retrieve a Certificate String for Whitelisting PKG Installer Files
search cancel

Cb Defense: How to Retrieve a Certificate String for Whitelisting PKG Installer Files

book

Article ID: 288879

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Locate certificate string and CA information required to Whitelist PKG installers

Environment

  • Cb Defense Sensor: 3.2.x.x and Higher
  • Apple macOS: All Supported Versions

Resolution

Retrieve the Cert String from Investigate page

  1. Navigate to the Investigate page.
  2. Locate the PKG installer by searching for the Sha256 value of the PKG or the package name.
  3. Click on the PKG file name.
  4. The full string listed in the "Signed by" Field and the CA Field are used for PKG certificate whitelisting.

Retrieve the Cert String using the pkgutil command

  1. Launch Terminal (Cmd + Space and type in Terminal and Enter).
  2. Enter the following command, substituting the path to the installer for <installer.pkg> 
    pkgutil --check-signature <installer.pkg>
  3. The "Developer ID Installer:" value (or the first certificate in the chain) is the required certificate string.
  4. The values listed for the CA ((or the last certificate in the chain) is the required CA information.

Additional Information

This information is required to configure Certificate Whitelisting for PKG installers.
 
Powered by Wolken Software