Skip to main content

When I log into the JSS I am greeted with this message



Your web server certificate expires in 19 days.


I thought I could go to Settings -> Global Management Framework Settings -> Public Key Infrastructure and renew it. I'm not seeing the option there. The old certificate was generated by the JSS. How can I renew it?



BTW we are not using Certificate-Based Communication in Settings -> Computer Management Framework Settings -> Security. So I don't know that an expired certificate will be any problem.



Thanks,
-- jmca

Not sure why you're cert won't renew, however you should be able to log into Apple Identity and check the expiration date of your cert and renew it if you need to.



https://identity.apple.com/pushcert/

Got the answer from Greg Haugen of JAMF support:



The certificate issue is a fairly simple fix. We will need to go to the JSS and follow this path:



1.) JSS >> Settings >> General Settings >> Server Configuration to replace the certificate (if using the built-in certificate, if not contact support for further assistance)



2.) We will need to restart Tomcat as well. This can be completed on a Mac server by:



To restart Tomcat using the JSS Database Utility (v8.4 or later):




  1. Open the JSS Database Utility on the server hosting the JSS.



-Cmd+Shift+G: Library/JSS/bin/JSSDatabaseUtility.jar Go to Utilities (top bar)



-Restart Tomcat

I guess I'm going to be 'that guy' here and say that using self-signed certificates is generally a bad thing to do operationally. There were a couple excellent sessions at the NUC last year talking about this. With the low cost of Public CA signed certs now, I'd really suggest you look into getting a public cert so trust isn't an issue going forward.

Terms & ConditionsCookie settings