
This one is for all of those wanting to issue the .p12 certificate to computers via Jamf Pro for Google LDAP Authentication with Jamf Connect.

 

I've recently performed an integration for a customer with Jamf Connect and their G-Suite tenant following the article provided here: https://learn.jamf.com/bundle/jamf-connect-documentation-current/page/Integrating_with_Google_Identity.html and found that when attempting to issue the certificate via a configuration profile, I would get the error "the certificate could not be verified (authentication error)".

 

I ended up going down a long rabbit hole of troubleshooting that ended with having me attempt to install the certificate manually, which led me to find that the password I created wasn't being accepted within Keychain Access.

This led me to the following article going over an open issue with OpenSSL 3.x and its deciphering issues:
https://stackoverflow.com/questions/70431528/mac-verification-failed-during-pkcs12-import-wrong-password-azure-devops

 

The solution for me was to append the -legacy flag to the command for creating the .p12 file in order to generate a certificate package that could be accepted on the endpoint. The modification looked like the below code:

openssl pkcs12 -export -legacy -out /path/to/generated/keystore.p12 -inkey /path/to/saved/privatekey.key -in /path/to/saved/certificate.crt

This newly generated Certificate payload was accepted both manually and through the configuration profile immediately.

 

Additional Context:

My testing utilized Jamf Connect 2.28.0 and macOS 13.6.
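As an added example (not part of the original post, and not Jamf's or OpenSSL's own tooling), here is a small POSIX shell script that wraps the fix above: it picks an OpenSSL binary, decides from the output of "openssl version" whether "-legacy" applies, exports the .p12 and then prints the algorithms inside the file so it can be checked before it goes into a configuration profile. The Homebrew paths, the file paths and the password are assumptions; the 3DES-only flag set is offered as a narrower alternative to "-legacy" that still needs to be verified on an endpoint, since the post only confirms "-legacy".

```shell
#!/bin/sh
# Added example, not code from the original post or from Jamf/OpenSSL.
# Exports a .p12 the macOS keychain can import, choosing flags from the
# OpenSSL implementation that is actually on the machine.
# Paths, password and Homebrew locations below are placeholders.
set -eu

# Prefer Homebrew's openssl@3 when installed (the stock /usr/bin/openssl on
# macOS is LibreSSL, which has no -legacy option), then $OPENSSL_BIN, then
# whatever "openssl" is on PATH. Locations are assumptions.
pick_openssl() {
  for candidate in "${OPENSSL_BIN:-}" \
                   /opt/homebrew/opt/openssl@3/bin/openssl \
                   /usr/local/opt/openssl@3/bin/openssl; do
    if [ -n "$candidate" ] && [ -x "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  command -v openssl
}

# Flags for "openssl pkcs12 -export", chosen from an "openssl version" string.
#   OpenSSL 3.x : the default export is AES-256-CBC with PBKDF2 and an
#                 HMAC-SHA-256 MAC, which the macOS importer rejects;
#                 -legacy restores the 1.1-era defaults (RC2-40-CBC for the
#                 certificate bag, 3DES for the key bag, SHA-1 MAC).
#   OpenSSL 1.x and LibreSSL : those older algorithms are still the default
#                 and -legacy is not a recognised option, so no flag at all.
pkcs12_compat_flags() {
  case "$1" in
    "OpenSSL 3."*) printf '%s\n' '-legacy' ;;
    *)             printf '\n' ;;
  esac
}

# Narrower alternative to -legacy for OpenSSL 3: keep 3DES and SHA-1 but
# drop 40-bit RC2. Assumption: not confirmed in the thread, so test the
# import on an endpoint before relying on it.
pkcs12_3des_flags() {
  printf '%s\n' '-keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1'
}

# export_p12 KEY CERT OUT PASSWORD
export_p12() {
  bin=$(pick_openssl)
  flags=$(pkcs12_compat_flags "$("$bin" version)")
  # $flags is intentionally unquoted: it is either "-legacy" or empty.
  "$bin" pkcs12 -export $flags \
    -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
  chmod 600 "$3"   # the keystore holds the private key
}

# inspect_p12 FILE PASSWORD
# Prints the MAC digest and the bag encryption algorithms without writing
# anything out. "MAC: sha1" plus "pbeWithSHA1And..." bags is the shape the
# macOS importer accepted in the post; "MAC: sha256" plus "PBES2 ... AES-256-CBC"
# is the OpenSSL 3 default that produced the authentication error.
inspect_p12() {
  "$(pick_openssl)" pkcs12 -info -noout -in "$1" -passin "pass:$2"
}

# Usage: sh make_p12.sh export privatekey.key certificate.crt keystore.p12 'secret'
if [ "${1:-}" = "export" ]; then
  export_p12 "$2" "$3" "$4" "$5"
  inspect_p12 "$4" "$5"
fi
```

Run it with "export" plus the key, certificate, output path and password; the inspect step at the end is the quick check that the file really was written with the older algorithms before it is uploaded to Jamf Pro.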

Thank you a lot, this was of invaluable help!


Yes!  Saved my bacon!  Had a ticket open with Jamf for the cert issues I was having so hopefully they update the docs with this info soon.


Hi,

-legacy option is no longer available with the openssl version on macOS it seems:

/usr/bin/openssl version
LibreSSL 3.3.6

Any idea to make this work now?




Might have to get brew and install openssl@3.0 (v3.0.15) or openssl@3 (v3.4.0)




This worked for me in 15.3.1. I do have homebrew installed.


I'm experiencing the same issue. Before generating a new .p12 file with the -legacy option, I researched its security implications. It appears that this option can indeed introduce security vulnerabilities. While the -legacy option enhances compatibility with older systems by employing weaker or outdated cryptographic algorithms and methods, I'm unsure if this is a good idea from a security standpoint, especially for a company undergoing SOC, ISO 27001, and internal IT audits.

