This feature is currently available for On-Premise customers to enable. Cloud customers may contact support to enable it in their instance.
By default, the Mac Agent comes with its own proxy certificate named “Internet Widgits”.
However, you can use your own custom certificate and assign it whatever Common Name (CN) you want. To do so, follow the instructions below:
Endpoint Configuration
Step 1: Enable Network Monitoring for the Agent
Run the following command in the Terminal.
Stealth Agent
sudo "/usr/local/teramind/agent/bin/System Monitoring.app/Contents/MacOS/System Monitoring" network_permissions;sleep 1;sudo killall "System Monitoring"
Revealed Agent
sudo "/usr/local/teramind/agent/bin/Teramind Agent.app/Contents/MacOS/Teramind Agent" network_permissions;sleep 1;killall "Teramind Agent"
Step 2: Create a Certificate
Run the following commands in the Terminal:
openssl genrsa -out key.pem 2048
openssl req -x509 -new -nodes -key key.pem -sha256 -days 1826 -out mycert.crt
Step 3: Add the Certificate to macOS as Trusted
Run the following command in the Terminal:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <path_to_the_certificate>
Explanation:
Option | Description |
-d | Adds the certificate as trusted only for this device (by default, if not specified, it’s added as trusted for all users). |
-r trustRoot | Designates the certificate as a root certificate. |
-k /Library/Keychains/System.keychain | Specifies the keychain where the certificate will be added (in this case, the system keychain). |
<path_to_the_certificate> | Replace this with the path to your certificate. For example, |
Alternative Method
1. Open Keychain Access.
2. Open the certificate.
3. Go to the Trust tab and select the Always Trust option from the When using the certificate field.
Notes for MDM Deployments
If you are using an MDM (Mobile Device Management) system for the deployment, it’s necessary to ensure that the certificate is included in the MDM and marked as trusted. This is important for the successful installation and operation of the application or service on devices managed by MDM.
You will need to follow these steps for an MDM deployment:
Adding the certificate to MDM: The certificate should be uploaded to the MDM system. This is usually done in the security settings or certificate configuration section within the MDM interface.
Marking the certificate as trusted: After adding the certificate, its status must be set as trusted. In MDM, this is often done through the trusted certificates or security policies setting. This configuration signals to the devices that the certificate is safe, preventing the blocking of features that depend on it.
Verifying the certificate on devices: After deployment, the MDM should automatically distribute the certificate to all connected devices. It’s important to check on each device that the certificate is installed and marked as trusted to avoid security or compatibility issues.
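Steps 2 and 3 can be scripted with checks around them. The following is an added example, not vendor code: it creates the key and certificate without prompts, then confirms the CN, the key/certificate pairing, the key file permissions, and the SHA-256 fingerprint to compare against what each device has installed. The function names and the CN value you pass in are assumptions; the file names and the keychain path are the ones used above.

```shell
#!/bin/sh
# Added example, not vendor code. key.pem / mycert.crt are the Step 2 file
# names; the CN passed in is a constructed placeholder.

# make_proxy_cert <CN> <dir>: Step 2 without prompts. key.pem is the private
# key of a root the Mac will trust, so it is created readable by its owner only.
make_proxy_cert() {
    (
        umask 077
        cd "$2" || exit 1
        openssl genrsa -out key.pem 2048 2>/dev/null &&
        openssl req -x509 -new -nodes -key key.pem -sha256 -days 1826 \
            -subj "/CN=$1" -out mycert.crt
    )
}

# cert_cn <cert>: print the subject Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# cert_fingerprint <cert>: SHA-256 fingerprint as hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//; s/://g'
}

# key_matches_cert <key> <cert>: succeed only if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# key_is_private <key>: succeed if group and other have no permission bits.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# keychain_has_cert <cert>: macOS only. Succeeds if this exact certificate
# (matched by SHA-256) is in the System keychain used in Step 3.
keychain_has_cert() {
    security find-certificate -a -Z /Library/Keychains/System.keychain |
        grep -qi "$(cert_fingerprint "$1")"
}
```

Presence in the keychain does not by itself prove the trust setting; on the Mac, `security verify-cert -c mycert.crt` checks that the certificate evaluates as trusted.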
Server Configuration
Step 1: Update the kv_store Table
Add the following fields in the kv_store table:
Field | Value |
| Password (leave empty if not needed). |
| Add the plaintext from the |
| Add the plaintext from the |
Step 2: Restart/Reboot the Server
Run the following command to restart the server:
sudo systemctl restart teramind
Or, you can execute a full reboot:
sudo reboot
Step 3: Verify the Certificate Activation
Open a web page and check the certificate to ensure it's being used.