Help

Error using signed configuration profile ??

Go to solution
robbo007
New Contributor II

Posted on β€Ž03-25-2021 03:48 AM

Hi everyone,
I've followed this guide: https://www.jamf.com/jamf-nation/articles/649/creating-a-signing-certificate-using-jamf-pro-s-built-in-certificate-authority

And i'm signing my configuration profile with this command:
/usr/bin/security cms -S -N "JamfSign" -i ~/Desktop/Custom.mobileconfig -o ~/Desktop/Custom-signed.mobileconfig

I don't get any errors when signing but when I try and upload the signed configuration profile to Jamf I get a "File cannot be processed" error. If I double click on the signed profile to test it on a mac I get an error opening it.

Any ideas what I'm doing wrong?

Thanks,

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mainelysteve
Valued Contributor

Posted on β€Ž03-25-2021 07:50 AM

@robbo007 Have you used Profile Creator before? It has Jamf Connect payloads prebuilt and the profile can be signed during the export process without too much guesswork.

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
jmandler
New Contributor III

Posted on β€Ž03-25-2021 06:37 AM

Possibly a silly question, but are you using "JamfSign" as the common name (CN) of the certificate? The data after --sign must be the CN.

0 Kudos

Go to solution
robbo007
New Contributor II

Posted on β€Ž03-25-2021 07:06 AM

Good question. No, I'm using the actual certificate I created in keychain and then uploaded to my jamf server then added again to my keychain again. (process is the same as start of the document). I've also tried using the -Z" value "Subject Key Identifier" to sign the configuration and I get the same results.

The configuration profile I'm using was created on the jamf server and then downloaded.

I'm try to get jamfconnect Azure AD integration working under Prestage. IT works if I push out via policies to the already enrolled computers but I need this working at prestage level.

0 Kudos

Go to solution
mainelysteve
Valued Contributor

Posted on β€Ž03-25-2021 07:50 AM

@robbo007 Have you used Profile Creator before? It has Jamf Connect payloads prebuilt and the profile can be signed during the export process without too much guesswork.

View solution in original post

0 Kudos

Go to solution
robbo007
New Contributor II

Posted on β€Ž03-25-2021 09:59 AM

@mainelysteve Thanks I'll take a look.

0 Kudos

Go to solution
robbo007
New Contributor II

Posted on β€Ž03-26-2021 08:18 AM

Right Profile Creator rocks. So much easier. Got the profile signed and now prestage authenticates with Azure AD. Cheers

0 Kudos
Jamf helps organizations succeed with Apple. By enabling IT to empower end users, we bring the legendary Apple experience to businesses, education and government organizations. Learn about Jamf.