Skip to main content

We have a signed certificate from GeoTrust on our JSS. So I enabled the new "Use certificate communication with JSS" setting. The warnings said nothing about ensuring that the clients can access the JSS with the certificate- only to ensure that the JSS has a valid certificate.



Well now a bunch of our 10.5 Macs can't connect to the JSS because they don't trust the certificate. I looked and the GeoTrust Root CA is not installed on there. I installed it on one, and now Safari doesn't give the untrusted message, but running jamf log still doesn't work.



Any ideas how I can fix this?



On side note- after all of this, I just found the extension attribute to check for compatibility. I wish in the documentation would have indicated to run that before enabling the setting.

I should also know that I tried the following command:



sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Desktop/GeoTrust_Root.cer


That still didn't work.

FYI, another thread with similar issue:



https://jamfnation.jamfsoftware.com/discussion.html?id=3761



Don

I would keep an eye on the thread Don posted. It sounds like a very similar issue. While the command apple4ever posted will add the CA certificate to the System trust, curl on 10.5 uses a different list of trusted CAs. There's a post on the other thread about how to update the list of trusted CAs on 10.5 machines. Let us know if that helps.



Ryan

Yep, that was the problem. I had to actually manually add the root CA certs to the bundle, but once I did that and put it in the right place, it work.



Thanks!

Terms & ConditionsCookie settings