I would try setting it to "Always except during enrollment" which is LESS restrictive than "Always"
I believe this does not require a restart.
Hey all! I'm running into the same issues described above. I'm running 9.100.0-t1499435238 in my development Jamf Pro instance and run into the below error regardless of which method of enrollment I use (i.e. user-initiated web enrollment, QuickAdd package or sudo jamf enroll -prompt from the CLI).
There was an error.
Error enrolling computer: Unable to establish trust with the JSS - The jamf binary could not connect to the JSS because the web certificate is not trusted.
I have also listed my Settings>Computer Management - Management Framework>Security settings for reference which were adjusted at one point. I haven't restarted the Tomcat service after these settings were modified but did manage to test using the three aforementioned enrollment methods, all of which reproduce the above error.

UPDATE: I've rebuilt the SSL certificate to no avail. Here are the steps that I took.
From JSS Settings > Apache Tomcat Settings:
1. Click Edit.
2. Check "Change the SSL Certificate for HTTPS" and click Next.
3. Check "Generate a certificate from the JSS's built-in CA" and click Next.
4. Click Done.
5. Log onto Jamf Pro server and restart Tomcat service.
After performing the above, the expiration date on the SSL certificate is now set to 07/31/2018, as expected.
Resolved: completely remove your binary/framework between tests and then try again :)
Instead of completely removing your binary, try running the following command:
sudo jamf trustJSS
@mlavine, this worked for me! Thank you so much! Was just about to call uncle and file a support ticket... :)
@mlavine that command doesn't work for me.
I have to use a certificate from the JSS's built-in CA instead of the wildcard certificate from GoDaddy.
@Steven.Xu did you check time and date on the computer?
@Chriskmpruitt the time and the date were correct.
I checked my SSL certificate here (https://www.sslshopper.com/ssl-checker.html), and the result showed my certificate was missing something, so I recreated the certificate and uploaded it to the JSS, and that works, with no error when checking the SSL certificate.
@Steven.Xu thanks for the tip and URL! I was able to find my problem (intermediate certs were missing) and recreating my cert did the trick.
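The missing-intermediate failure reported in the two posts above can be reproduced offline. This is an added example, not part of the thread or of any Jamf tooling: it builds a constructed root, intermediate and leaf with openssl (all names, including jss.example.test and the helper functions, are made up) and shows that a client trusting only the root rejects the leaf unless the intermediate is supplied with it.

```bash
# Added example: every certificate here is constructed, throwaway test data.

# Build root CA -> intermediate CA -> leaf in directory $1.
make_demo_chain() {
  local d="$1"
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 1 -days 2 -extfile "$d/demo.cnf" -extensions v3_ca \
    -out "$d/int.pem" 2>/dev/null
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=jss.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 2 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# chain_verifies ROOT LEAF [INTERMEDIATE]: succeed only if LEAF chains to ROOT.
# INTERMEDIATE stands in for what the server sends alongside its own cert.
chain_verifies() {
  local root="$1" leaf="$2" inter="${3:-}"
  if [ -n "$inter" ]; then
    openssl verify -CAfile "$root" -untrusted "$inter" "$leaf" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$root" "$leaf" 2>&1 | grep -q ': OK$'
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_chain "$d"
  chain_verifies "$d/root.pem" "$d/leaf.pem" \
    && echo "leaf only: trusted" || echo "leaf only: NOT trusted"
  chain_verifies "$d/root.pem" "$d/leaf.pem" "$d/int.pem" \
    && echo "leaf + intermediate: trusted" || echo "leaf + intermediate: NOT trusted"
  rm -rf "$d"
}
demo
```

To check a real server, save the certificates it actually sends (openssl s_client with -showcerts prints them) and pass them to chain_verifies in place of the demo files.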
We are having the same "web certificate trust" issues - our network admin updated our Tomcat server with a wildcard SSL and is now adding "intermediate certs". I am really hoping this will resolve our DEP enrollment problems. Haven't been able to get DEP to work for nearly a month!
@wilfredov Did you make any progress on this? We use a wildcard cert as well and are having the same issues.
Same issue here after upgrading JSS to 10.4.1; it never happened before the upgrade. I tried to recreate the JSS built-in cert as we are not using an SSL, but it's still a no go.
Not sure what happened or what to do next. I'll keep this thread posted in case I find a solution.
@dfracassa have you solved this? After the upgrade to Jamf Pro we are having the same issue.
No, never fixed, still an issue! Called support and they were useless; they told me to use an SSL cert, which I am not gonna do for internal corporate usage.
@shibao_si forgot the tag
I have JSS version 9.101.0-t1504998263. I was getting the same error as above: "The jamf binary could not connect to the JSS because the web certificate is not trusted."
I have changed my Settings>System Settings>Apache Tomcat Settings and changed my cert to a 3rd party cert which the JSS loaded fine and is good until 2020. I then restarted the Tomcat service.
I have verified my Settings>Computer Management>Security and it has Enable certificate-based authentication checked, Enable push notifications checked, SSL Cert Verification is "Always except during enrollment", Package validation "When checksum is present"
Changing all this before never changed my result.
I tried the suggested command sudo jamf trustJSS and the only difference I have now is "Downloading required CA Certification(s). There was an error. Message has no content."
Now all the sudo jamf policy/manage/recon commands result in "There was an error. Message has no content".
I also went to SSLShopper and my 3rd party cert checks out fine.
Any suggestions?
UPDATE: I was having a certificate issue on an internal firewall. Problem has been resolved. I was being assured that the firewalls were running the proper certificate. Hope this may help someone else.