Question

Yosemite Not Pulling Certificate From ADCS (AD Certificate Configuration Profile)

  • May 14, 2015

ndelgrande

Is anyone else running into a problem with fresh Yosemite Macs, not able to get a certificate from an Active Directory Certificate Server using the AD Certificate Config Profile? It's working fine for Mavericks, but not Yosemite. I took the exact same Mac, built it with our Mavericks configuration and it worked. I then re-built it with our Yosemite configuration, and it didn't work. "Cert Request Failed" is the only error we see.

Even trying manually using profiles -I -F <path to mobileconfig file> doesn't work.

JSS version 9.66 which will be upgraded to the latest version later this week.

I wanted to ask here before I opened a ticket.

Thanks

- Nick

8 replies

davidacland
  • Valued Contributor
  • May 14, 2015

It is working ok for us at a couple of sites.

I would have a look at the settings on the certificate template on the CA and the server side logs.

The client won't tell you much, other than the enrollment failed. I think that is by design to avoid compromising security.


ndelgrande
  • Author
  • Contributor
  • May 14, 2015

Thanks David. I can't post the template for security reasons. Are you on 9.72?


davidacland
  • Valued Contributor
  • May 14, 2015

It's 9.65 in our case.


ndelgrande
  • Author
  • Contributor
  • May 14, 2015

Good to know you got it working. Unfortunately the ADCS server is supported by another team in another state.


davidacland
  • Valued Contributor
  • May 14, 2015

Hopefully it will be embraced with open arms!

I'm working for an external support company so always have to request changes from the onsite CA server admin at the clients' sites. It can be a challenge sometimes.


  • Contributor
  • May 15, 2015

Hi,

At first, I added the CA and the Intermediate CA Certificate to the Mac ...

After that I configured the CA settings within the same Configuration profile like this:

Be sure that:
The Certificate Template exists
The user you are using exists and has rights on the template
You use HTTP (without S!) to connect to certsrv.

But I have some issues too which I couldn't address so far. I thought about DNS but that can't be a problem.

bofh


bentoms
  • Hall of Fame
  • May 20, 2015

@ndelgrande2 Works fine for us, are the clients bound at the time of the request?


ndelgrande
  • Author
  • Contributor
  • May 20, 2015

Yes, everything has been set up and working since 10.9. It was just showing as "pending" forever for any new Yosemite Configuration. We think the ADCS box was having issues, as I just heard certs are pulling again but I need to test.

Thanks for all the help and feedback.