
JSS Certificate Communication Problem

  • January 9, 2012
  • 4 replies
  • 27 views


We have a signed certificate from GeoTrust on our JSS. So I enabled the new "Use certificate communication with JSS" setting. The warnings said nothing about ensuring that the clients can access the JSS with the certificate, only to ensure that the JSS has a valid certificate.

Well now a bunch of our 10.5 Macs can't connect to the JSS because they don't trust the certificate. I looked and the GeoTrust Root CA is not installed on there. I installed it on one, and now Safari doesn't give the untrusted message, but running jamf log still doesn't work.

Any ideas how I can fix this?

On a side note, after all of this, I just found the extension attribute to check for compatibility. I wish the documentation would have indicated to run that before enabling the setting.

Best answer by ryan_yohnk


4 replies

  • Author
  • New Contributor
  • January 9, 2012

I should also note that I tried the following command:

sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Desktop/GeoTrust_Root.cer

That still didn't work.


donmontalvo
  • Hall of Fame
  • February 8, 2012

FYI, another thread with similar issue:

https://jamfnation.jamfsoftware.com/discussion.html?id=3761

Don


  • Employee
  • Answer
  • February 15, 2012

I would keep an eye on the thread Don posted. It sounds like a very similar issue. While the command apple4ever posted will add the CA certificate to the System trust, curl on 10.5 uses a different list of trusted CAs. There's a post on the other thread about how to update the list of trusted CAs on 10.5 machines. Let us know if that helps.

Ryan


  • Author
  • New Contributor
  • February 23, 2012

Yep, that was the problem. I had to actually manually add the root CA certs to the bundle, but once I did that and put it in the right place, it worked.

Thanks!
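
The fix described in this thread (adding the root CA to the CA bundle that curl reads, rather than to the System keychain) can be scripted so it is safe to run repeatedly. The following is an added example, not code from the thread or from JAMF; the function names are hypothetical, and the bundle path is passed in as an argument because the thread does not name it.

```shell
#!/bin/sh
# Added example: idempotently append a root CA (PEM) to a curl-style CA bundle.
# Assumption: BUNDLE is the file curl actually reads on the client; on builds
# that ship curl-config, `curl-config --ca` prints the compiled-in default.

# Print each certificate in FILE as one line of base64 (PEM armor and line
# wrapping removed) so certificates can be compared regardless of wrapping.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Return 0 if every certificate in PEM is already in BUNDLE, 1 if one is
# missing, 2 if PEM holds no PEM certificate (for example a DER .cer file).
bundle_has_cert() {   # usage: bundle_has_cert BUNDLE PEM
    bodies=$(pem_bodies "$2")
    [ -n "$bodies" ] || return 2
    for b in $bodies; do
        pem_bodies "$1" | grep -Fqx -- "$b" || return 1
    done
    return 0
}

# Append PEM to BUNDLE unless it is already there; keep a backup copy.
add_cert_to_bundle() {   # usage: add_cert_to_bundle BUNDLE PEM
    rc=0
    bundle_has_cert "$1" "$2" || rc=$?
    case $rc in
        0) return 0 ;;   # already trusted by this bundle, nothing to do
        2) echo "not PEM; convert first: openssl x509 -inform DER -in $2 -out root.pem" >&2
           return 2 ;;
    esac
    cp -p "$1" "$1.bak" || return 1
    { echo; cat "$2"; } >> "$1"
}
```

After updating the bundle, `curl --cacert BUNDLE -I https://your-jss-host/` (placeholder host) confirms that curl itself now validates the JSS certificate, which is the check that Safari trusting the certificate does not give you.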