#!/bin/bash
#
# Fix-Arcuity-ZeroTrust.command  (macOS)
# ------------------------------------------------------------------
# One-click fix for WARP error:
#   "Limited connectivity: A certificate is missing; please contact your administrator."
#
# What it does (and ONLY this):
#   1. Locates the Arcuity Zero Trust root certificate (bundled file, or CERT_URL).
#   2. Installs it as a TRUSTED ROOT in the System keychain (requires your Mac password).
#   3. Restarts WARP so it picks up the new trust.
#   4. Verifies and reports.
#
# It does NOT touch any other certificate, file, or setting. Re-running is safe (idempotent).
#
# HOW DAVID USES IT: double-click this file in Finder. If macOS blocks it,
#   right-click -> Open -> Open. Enter your Mac login password when prompted.
# ------------------------------------------------------------------

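set -euo pipefail

# Friendly label for messages, plus the expected cert filename / fallback URL.
readonly CERT_NAME="Arcuity Zero Trust Root"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR
readonly BUNDLED_CERT="$SCRIPT_DIR/Arcuity-ZeroTrust-Root.pem"
# Optional: admin may host the cert and set this URL instead of bundling the file.
# It must be an https:// URL — a root that will be trusted system-wide must never
# travel over plain HTTP, where it could be replaced in transit.
CERT_URL=""   # e.g. "https://arcuity.com/zt/Arcuity-ZeroTrust-Root.pem"
# Optional but recommended: SHA-256 fingerprint of the root you expect, as printed by
# `openssl x509 -noout -fingerprint -sha256` (colons optional, case-insensitive).
# When set, the script refuses to install a certificate whose fingerprint differs,
# which protects against a wrong or tampered file. Leave empty to skip the pin.
EXPECTED_SHA256=""   # e.g. "AB:CD:12:...:EF"

readonly SYSTEM_KEYCHAIN="/Library/Keychains/System.keychain"
readonly WARP_CLI="/Applications/Cloudflare WARP.app/Contents/Resources/warp-cli"

echo "=================================================="
echo " Arcuity Zero Trust  —  WARP certificate repair"
echo "=================================================="
echo

# --- 1. Find the certificate -------------------------------------------------
# Path of a downloaded copy, if one is made; the EXIT trap removes it. Empty = none.
TMP_CERT=""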
# Remove the downloaded temp certificate, if any. Never fails, so it is safe as an EXIT trap.
cleanup() {
  if [[ -n "$TMP_CERT" ]]; then
    rm -f -- "$TMP_CERT" 2>/dev/null || true
  fi
}
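trap cleanup EXIT

# Print a message to stderr and stop with status 1 (the EXIT trap still runs).
die() { printf '%s\n' "$*" >&2; exit 1; }

if [ -f "$BUNDLED_CERT" ]; then
  CERT_PATH="$BUNDLED_CERT"
  echo "[1/4] Using bundled certificate: $(basename "$CERT_PATH")"
elif [ -n "$CERT_URL" ]; then
  # Only fetch a soon-to-be-trusted root over TLS; '--proto =https' below also
  # stops -L from following a redirect down to http://.
  if [[ "$CERT_URL" != https://* ]]; then
    die "  ERROR: CERT_URL must start with https:// (got '$CERT_URL'). Contact IT."
  fi
  echo "[1/4] Downloading certificate from: $CERT_URL"
  # BSD/macOS mktemp only randomises trailing Xs, so the template must end with
  # them (no '.pem' suffix); openssl does not care about the extension.
  TMP_CERT="$(mktemp "${TMPDIR:-/tmp}/arcuity_zt.XXXXXX")" \
    || die "  ERROR: could not create a temporary file for the download."
  if ! curl -fsSL --proto '=https' "$CERT_URL" -o "$TMP_CERT"; then
    die "  ERROR: could not download the certificate. Check your connection or contact IT."
  fi
  CERT_PATH="$TMP_CERT"
else
  echo "  ERROR: No certificate found." >&2
  die "  Place 'Arcuity-ZeroTrust-Root.pem' next to this file, or ask IT for the cert."
fi

# Sanity-check it really is a certificate before trusting it.
if ! openssl x509 -in "$CERT_PATH" -noout >/dev/null 2>&1; then
  die "  ERROR: '$CERT_PATH' is not a valid PEM certificate. Contact IT."
fi
# An expired root cannot repair anything, so refuse it instead of installing dead trust.
if ! openssl x509 -in "$CERT_PATH" -noout -checkend 0 >/dev/null 2>&1; then
  die "  ERROR: '$CERT_PATH' has expired. Ask IT for the current root certificate."
fi
# Older OpenSSL/LibreSSL print "subject= CN=..." (with a space); newer print "subject=CN=...".
SUBJECT="$(openssl x509 -in "$CERT_PATH" -noout -subject 2>/dev/null | sed 's/^subject= *//')"
# SHA-256 rather than SHA-1: this is the value an admin can pin via EXPECTED_SHA256.
SHA256="$(openssl x509 -in "$CERT_PATH" -noout -fingerprint -sha256 2>/dev/null | sed 's/.*=//')"
echo "       subject: ${SUBJECT:-unknown}"
echo "       sha256:  ${SHA256:-unknown}"
echo

# Optional fingerprint pin (EXPECTED_SHA256; set it next to CERT_URL in the config
# section). Compared with colons removed and case-folded so either spelling works.
if [ -n "${EXPECTED_SHA256:-}" ]; then
  want="$(printf '%s' "$EXPECTED_SHA256" | tr -d ': ' | tr '[:lower:]' '[:upper:]')"
  have="$(printf '%s' "$SHA256" | tr -d ': ' | tr '[:lower:]' '[:upper:]')"
  if [ -z "$have" ] || [ "$want" != "$have" ]; then
    echo "  ERROR: certificate fingerprint does not match the expected value." >&2
    echo "         expected: $want" >&2
    echo "         got:      ${have:-unknown}" >&2
    die "         Not installing it. Contact IT."
  fi
  echo "       fingerprint matches EXPECTED_SHA256."
  echo
fi

# --- 2. Install as trusted root ---------------------------------------------
echo "[2/4] Installing as a trusted root in the System keychain."
echo "      (You'll be asked for your Mac login password — this needs admin rights.)"
# -d = admin (system-wide) trust domain; -r trustRoot = trust it as a root anchor.
if sudo security add-trusted-cert -d -r trustRoot -k "$SYSTEM_KEYCHAIN" "$CERT_PATH"; then
  echo "      Installed and trusted."
else
  die "  ERROR: keychain install failed. Make sure you entered the right password."
fi
echo

# --- 3. Restart WARP ---------------------------------------------------------
echo "[3/4] Restarting WARP so it picks up the new trust."
if [ -x "$WARP_CLI" ]; then
  # Failures here are non-fatal: the user can toggle WARP by hand, and step 4 reports status.
  "$WARP_CLI" disconnect >/dev/null 2>&1 || true
  sleep 2   # give the daemon a moment to tear the tunnel down before reconnecting
  "$WARP_CLI" connect >/dev/null 2>&1 || true
  sleep 3   # let the reconnect settle so the status below is meaningful
  echo "      WARP bounced."
else
  echo "      warp-cli not found at the default path — please toggle WARP off/on manually."
fi
echo

# --- 4. Verify ---------------------------------------------------------------
echo "[4/4] Verifying."
# Ask macOS whether it now evaluates the root as trusted, using local trust settings only.
# Informational: WARP's own status below is the check the user actually cares about.
if security verify-cert -c "$CERT_PATH" -L >/dev/null 2>&1; then
  echo "      macOS reports the certificate as trusted."
else
  echo "      WARNING: macOS does not (yet) report the certificate as trusted." >&2
fi
if [ -x "$WARP_CLI" ]; then
  echo "      WARP status:"; "$WARP_CLI" status 2>/dev/null | sed 's/^/        /' || true
fi
echo
echo "=================================================="
echo " Done. Open the WARP menu and confirm it now says"
echo " 'Connected' WITHOUT the 'certificate is missing' line."
echo " If it still shows the warning, sign out/in of WARP"
echo " (gear -> Preferences -> Account) and re-run this."
echo "=================================================="
echo
# '|| true': if there is no terminal on stdin, read fails at EOF and would trip set -e.
read -n 1 -s -r -p "Press any key to close this window..." || true
echo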
