Got my certs uploaded, but when I run a test I get:
org.apache.http.conn.HttpHostConnectException: Connect to gsxapi.apple.com:443 [gsxapi.apple.com/17.151.129.22] failed: Connection timed out: connect
How do I know if this is on my end and I need to open something up internally, or if this is on Apple's end and they haven't whitelisted my IP yet?
Do they send an email specifically announcing the whitelist? I haven't received anything mentioning it yet.
NM, Apple finally replied to my question.
Hello,
Your IP’s are not yet whitelisted.
IP whitelisting currently has a 7-10 day turn around time.
As soon as I have confirmation of the IP’s being whitelisted I will notify you.
@hkabik Did you generate a CSR from your JSS? Did you also have to send GSX a public key?
I tried to generate a CSR from the JSS but Apple refused it because it had the extension certSigningRequest instead of CSR.
So I renamed it to a .csr extension and Apple refused it because it was giving them the following error:
"Certificate request is INVALID! The following errors must be addressed before submitting:
Organization is required
Invalid signature algorithm detected. Signature algorithm must use SHA-2 (Note: SHA-1 and MD5 are too weak and not supported).”
So I ended up just creating it manually using Java's keytool. Then imported the chain pem Apple sent back into the keystore and exported the .p12 and it uploaded into the JSS perfectly.
Thanks for that bit of info! I was confused on which cert to convert.
NM, Apple finally replied to my question.
Hello,
Your IP’s are not yet whitelisted.
IP whitelisting currently has a 7-10 day turn around time.
As soon as I have confirmation of the IP’s being whitelisted I will notify you.
I recently moved our JSS and I need to whitelist the new IP-Address, can I ask how you contacted apple to get your ip-address whitelisted?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.