From version 6.0 it is possible to perform self-service operations from macOS platforms using vSEC:CMS User Self-Service (USS).
The self-service operations that can be performed and limitations are listed below:
- Currently PIV only tokens that can be managed by vSEC:CMS are supported
- Change PIN
- Offline PIN unblock using challenge/response
- Online PIN unblock
- View installed certificates on token
- Only English language supported
- No PIN policy details are displayed when performing PIN operations.
Important: Only gRPC communication is possible when connecting to the server-side of vSEC:CMS. See here for details on how gRPC can be configured.
Important: macOS BigSur 11 and Catalina 10.15 versions have been validated.
The only configuration required is to connect the USS to the server-side component when performing operations with managed credentials. You can configure the connection with a configuration file. On macOS you usually use .plist files for this. This file needs to be located at ~/Library/Preferences/com.versasec.config.plist
You can set this file using following command:
defaults write ~/Library/Preferences/com.versasec.config "gRPCServerUrl" 'http://gRPCUrl:Port'
Where gRPCUrl is the hostname of the server where vSEC:CMS is installed and Port is the port number that the gRPC service is listening on.
If you set the schema to https, then you need to set a second value
defaults write ~/Library/Preferences/com.versasec.config "Certificate" 'your_root_certificate_label_name’
Where your_root_certificate_label_name is the name of the issuer certificate of the server certificate which is selected in vSEC:CMS. This certificate has to be installed in the keychain of your system and must be trusted.