Skip to main content

Hello,

I'm having trouble with packages out of Composer. I previously had been able to create packages and push out through JAMF Pro. However the JAMF signing certificate was accidentally deleted from my machine and I received an error in Composer that the certificate could not be found to sign the package. 

I tried reinstalling the cert into Keychain Access. I am pretty sure this is the correct one. It shows up in Composer now when I build the package, but when the policy is run in JAMF I get the error "Installation failed. The package could not be verified."

How can I confirm the certificate is correct, or can I re-download and re-install to stop endpoints from having the error?

 

Any assistance is appreciated.

The two issues probably are not directly related. Not that it is a bad practice, but is there a reason that you are signing packages made with Jamf Composer rather than just letting Jamf sign them as it deploys them? 

AJPinto,

The only reason I am signing in Composer is because that is what we set up in our onboarding with JAMF. So, I went ahead and disabled the signing in Composer and things pushed out to endusers fine. I guess JAMF had us set up the signing cert in Composer if we wanted to push the packages out by different means, just to be thorough.

Of course, I still wonder about why the error was occurring if I had the correct certificate reinstalled. I guess I can look into that at some point.

But things are working after your suggestion, so 'thank you." 

 

@dpiraino Are you using JCDS as your Distribution Point? If so it looks like some packages will occasionally fail with a verification error after download but will eventually work (although if they fail enough time the policy will stop re-trying). You might want to log a support case for this as I don't know yet if there is a PI for this issue.

@dpiraino Are you using JCDS as your Distribution Point? If so it looks like some packages will occasionally fail with a verification error after download but will eventually work (although if they fail enough time the policy will stop re-trying). You might want to log a support case for this as I don't know yet if there is a PI for this issue.


@sdagley  Thanks for the input. I am using JCDS and I have seen where it fails once in a great while. Usually all works out after another attempt, so I have not been too concerned. I figured it was an issue with the download and JAMF was aware, since they make it try 4 times on failure. (I assume to take into consideration some users' internet connections are worse than others.)

In this instance it was the package itself since all endpoints failed all 4 attempts. So I am sure it is something with my certificate, rather than JCDS. I will probably look into it at some point, and if I figure it out, may post an update. But since it is working when not signing in Composer, and I am not distributing by any other means than JAMF, it will probably take a back seat. Thanks for the assistance.

AJPinto,

The only reason I am signing in Composer is because that is what we set up in our onboarding with JAMF. So, I went ahead and disabled the signing in Composer and things pushed out to endusers fine. I guess JAMF had us set up the signing cert in Composer if we wanted to push the packages out by different means, just to be thorough.

Of course, I still wonder about why the error was occurring if I had the correct certificate reinstalled. I guess I can look into that at some point.

But things are working after your suggestion, so 'thank you." 

 


Signing packages is a good security practice but is usually unnecessary with Jamf Pro as Jamf Pro signs anything it deploys that is not signed. Jamf Now on the other hand does not sign anything, and you need to sign the packages yourself.


 


My guess is something was wrong with the new signing certificate you made. But if you are up and running, there is not much reason to deep dive unless its just for understanding.

Terms & ConditionsCookie settings