Hi,
I've been back and forth with support for over a week trying to get Jamf Connect to issue a user certificate upon connection. I've got a User Certificate Configuration profile in Jamf that I can request certificates through Self Service with no issues. But for some reason, Jamf Connect just can't handle the request. Our CA admin can't even see any failed requests from any of my test machines trying to request certs.
Kerberos appears to be working, as I'm able to generate new tickets with a good connection to Jamf Connect, and SSO works with all of our SSO-secured sites.
In the Jamf Connect logs, when a connection is made, I'm receiving the following:
I'll be the first to tell you that I think certificates are magic, so I don't fully understand them. And I'm not sure what "Certificate doesn't match current user principal" means.
We're authenticating through Okta to get our Kerberos tickets. In the Jamf Connect logs I can see that Kerberos Auth Succeeded and it pulls down my AD user record.
The only discrepancy that I'm seeing is that in the JC logs it shows my Principal as Username@domain.root.loc, and when I generate a cert using a Jamf configuration profile the NT principal is my email address (which is different than Username@domain.root.loc).
Has anyone had experience with this?