Question

Updating Built-in CA cert in 9.x?

  • September 27, 2013
  • 13 replies
  • 46 views


So I have just finished moving my JSS and distribution points from OS X to Ubuntu servers.

I also used this opportunity to move from 8.71 to 9.1 and then 9.11. All the settings are modified, everything looks good except for one thing...

My production environment has the hostname oldcasper.domain.org and the new one is just casper.domain.org. The problem is that the URI in the CA cert for PKI still shows the old host.

How do I generate a new one?

13 replies

  • Valued Contributor
  • September 27, 2013

go to the settings area
system settings
apache tomcat settings
delete then create a new one

I think.


  • Hall of Fame
  • September 27, 2013

I was working with JAMF Support on a similar issue yesterday. Here's the instructions they gave me:

On your 9.11 JSS, go to JSS >> Settings >> Apache Tomcat Settings >> Edit >> Change the SSL certificate used for HTTPS >> Generate a certificate from the JSS's built-in CA

Once that's done, restart Tomcat to have it to load the certificate.

For your clients, you may need to run the following commands after the Tomcat restart to ensure they pick up the new certificate:

sudo jamf manage
sudo jamf recon


  • Valued Contributor
  • September 27, 2013

Similar issue when changing the management url and host on 8.71.

Could you please update if these steps are successful?


  • Author
  • Contributor
  • September 27, 2013

I guess I should clarify. I have already got SSL working for the Web interface by getting a public wildcard cert in "Apache Tomcat Settings".

Specifically, I was concerned about the cert I get if I go to

Global Management > PKI > Download CA Certificate

I get a certificate created in 2011 on the old host. :( And there doesn't appear to be any way to create a new one in the GUI. Will send an email to my guy and update here.


  • Author
  • Contributor
  • September 27, 2013

Here are the steps I used to get a new public cert working for the web interface of the JSS. Originally I was following the old doc.

https://jamfnation.jamfsoftware.com/article.html?id=115

without noticing "Versions affected". I figured it wouldn't be a problem though as after setting up the keystore the old way I figured I could just import it via the gui. This didn't work.

So I followed the new procedure

https://jamfnation.jamfsoftware.com/article.html?id=138

But...

1.) it doesn't tell you how to use openssl to generate a key and a CSR and
2.) it doesn't tell you how to get a ca bundle that will work.

Here is what I did. I didn't document all the errors and output etc. because I was getting fairly annoyed at this point... ;)

### Create Keystore and CSR ###

```sh
# Work in the Tomcat directory of the JSS
cd /usr/local/jss/tomcat/

# Generate a 2048-bit RSA key (no passphrase) and a CSR to send to the public CA
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

# Submit CSR.csr to the CA, then copy the issued certificate (here
# star_glenbrook225_org.crt) and the CA's intermediate (DigiCertCA.crt) onto this machine

# Build the CA bundle: root first, then the intermediate. (-text also prepends a
# human-readable dump of each cert; OpenSSL skips that text when it reads the PEM back.)
openssl x509 -text -in /etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem >> ca-bundle.crt
openssl x509 -text -in DigiCertCA.crt >> ca-bundle.crt

# Package the key, the certificate and the full chain into a PKCS#12 with alias "tomcat"
openssl pkcs12 -export -in star_glenbrook225_org.crt -inkey /usr/local/jss/tomcat/privateKey.key -out jss.p12 -name tomcat -CAfile ca-bundle.crt -caname root -chain

# Import jss.p12 into the JSS via the web GUI (Apache Tomcat Settings)
```
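The same key / CSR / CA-bundle / PKCS#12 flow, written as an added example rather than the poster's own commands, so it can be rehearsed and checked before anything is uploaded to a JSS. It goes a little beyond the post: it signs against a throwaway local root CA (constructed here in place of the DigiCert chain, so it runs offline), puts the hostname in a subjectAltName, and then verifies that the leaf chains to the bundle, that the certificate names the new host rather than the old one, and that the PKCS#12 carries the chain. The hostname, the export password and the openssl CLI being on PATH are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): rehearse the key / CSR / CA-bundle / PKCS#12
# steps against a throwaway local root CA so the whole flow can be checked offline.
# Assumptions: the openssl CLI is on PATH; HOST is a placeholder hostname; the
# local root stands in for the commercial CA chain used in the thread.
set -eu

HOST="${HOST:-casper.example.org}"        # placeholder, not a real JSS hostname
PASS="${PASS:-changeit}"                  # placeholder PKCS#12 export password
WORK="${WORK:-$(mktemp -d)}"

# Stand-in for the public CA: a self-signed root, constructed for this example.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Test Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Server key and CSR, as in the thread but with the CN supplied non-interactively.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
    -keyout "$WORK/privateKey.key" -out "$WORK/CSR.csr" 2>/dev/null
}

# The CA signs the CSR. The subjectAltName is what clients actually match the
# hostname against; a CN-only certificate is rejected by current macOS/iOS.
sign_csr() {
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/CSR.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/san.ext" \
    -out "$WORK/server.crt" 2>/dev/null
}

# CA bundle in plain PEM. Append each intermediate the same way when the
# issuing CA is not the root itself.
make_bundle() {
  openssl x509 -in "$WORK/ca.crt" > "$WORK/ca-bundle.crt"
}

# PKCS#12 with the full chain, same flags the thread uses for the JSS upload.
make_p12() {
  openssl pkcs12 -export -in "$WORK/server.crt" -inkey "$WORK/privateKey.key" \
    -out "$WORK/jss.p12" -name tomcat -CAfile "$WORK/ca-bundle.crt" \
    -caname root -chain -passout "pass:$PASS"
}

# Checks worth running before uploading:
# 1) the leaf chains to the bundle,
verify_chain() {
  openssl verify -CAfile "$WORK/ca-bundle.crt" "$WORK/server.crt" >/dev/null
}

# 2) the certificate really names the new host (catches the old-hostname case),
hostname_matches() {
  openssl x509 -in "$WORK/server.crt" -noout -checkhost "$HOST" | grep -q 'does match'
}

# 3) the PKCS#12 carries both the leaf and the root (prints the certificate count).
p12_cert_count() {
  openssl pkcs12 -in "$WORK/jss.p12" -passin "pass:$PASS" -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

run_all() {
  make_test_ca && make_csr && sign_csr && make_bundle && make_p12 \
    && verify_chain && hostname_matches
}

if command -v openssl >/dev/null 2>&1; then
  run_all
  echo "bundle built in $WORK; certificates in jss.p12: $(p12_cert_count)"
else
  echo "openssl not found; nothing to do" >&2
fi
```

To adapt it to a real issuance, drop `make_test_ca` and `sign_csr`, send `CSR.csr` to the CA, and put the CA's root and intermediate PEMs into `ca-bundle.crt`; the three checks at the end stay the same, and `hostname_matches` is the one that would have flagged a certificate still bound to the old hostname.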

  • Valued Contributor
  • September 27, 2013

I was told by support the URI on the built in CA root (which refers to the previous hostname) is not currently used. However I don't feel good about it having the previous host name in this field.

Also I'm not sure how to go about replacing the built in CA root without breaking MDM.


  • Author
  • Contributor
  • September 27, 2013

Interesting...


lastdanstanding

We are in a similar situation, and I just discovered this thread. It's not clear how you resolved things. Did you ever find a way to generate a new built-in CA cert?


  • Contributor
  • May 23, 2014

We had that issue when we tried changing names on our DEV environment.

Warning!!! Don't do this on a production environment. Test and test everything on a DEV environment first (we had issues with MDM/Configuration Profiles after this change).
This test was done a long time ago on v8.xx, so check with your account manager first and get the recommended steps from them.

https://jamfnation.jamfsoftware.com/discussion.html?id=6487#responseChild33649


  • Valued Contributor
  • May 23, 2014

System Settings -> Apache Tomcat Settings -> Edit -> Change the SSL certificate for HTTPS


  • Contributor
  • May 23, 2014

@nessts
We are talking about the URI on the JSS Built-in Certificate Authority (CA).


lastdanstanding

Correct Kumarasinghe.

In our case we backed up our production database and restored it to a new (test) server, so we would have some data to work with. Of course the certs and everything came with it, so that's why I'm looking at this.

Fortunately, since it's a test jss, we have some flexibility to tinker.

Thanks!



Hi all.
I've hit the same problem mentioned in this post.
I had to rebuild my JSS server from scratch. I restored the MySQL database and now I'd like to reset the internal CA.
In the PKI settings there isn't any option to rebuild it. Do I have to follow [THIS](https://jamfnation.jamfsoftware.com/article.html?id=115) procedure?
Thanks to all.

Jack