Introduction

From version 6.0 it is possible to perform self-service operations from macOS platforms using vSEC:CMS User Self-Service (USS).

The self-service operations that can be performed and limitations are listed below:

• Currently PIV only tokens that can be managed by vSEC:CMS are supported
• Change PIN
• Offline PIN unblock using challenge/response
• Online PIN unblock
• View installed certificates on token
• Only English language supported
• No PIN policy details are displayed when performing PIN operations.

Important: Only gRPC communication is possible when connecting to the server-side of vSEC:CMS. See here for details on how gRPC can be configured.

Important: macOS BigSur 11 and Catalina 10.15 versions have been validated.

Configuration

The only configuration required is to connect the USS to the server-side component when performing operations with managed credentials. You can configure the connection with a configuration file. On macOS you usually use .plist files for this. This file needs to be located at ~/Library/Preferences/com.versasec.config.plist

You can set this file using following command:

defaults write ~/Library/Preferences/com.versasec.config "gRPCServerUrl" 'http://gRPCUrl:Port'

Where gRPCUrl is the hostname of the server where vSEC:CMS is installed and Port is the port number that the gRPC service is listening on.

If you set the schema to https, then you need to set a second value

defaults write ~/Library/Preferences/com.versasec.config "Certificate" 'your_root_certificate_label_name’

Where your_root_certificate_label_name is the name of the issuer certificate of the server certificate which is selected in vSEC:CMS. This certificate has to be installed in the keychain of your system and must be trusted.