Posted on 09-17-2015 04:50 AM
Peeps...
Has anyone tried 9.8 and uploading their Apple provided GSX certificate?
I did so last night, and got an error stating that the key pair was missing. (see attached)
I already emailed Apple GSX support, but just thought I'd throw this out there to see if anyone else was experiencing the same...
Solved! Go to Solution.
Posted on 09-17-2015 12:17 PM
we go this sorted. The CN entry in the CSR had a typo. Once fixed and new cert created by Apple, all is well.
Unreal. For a company based on simplicity, Apple sure made GSX access a pain in the butt.
Posted on 09-17-2015 05:22 AM
Does Step 3 in the KB for GSX help? https://jamfnation.jamfsoftware.com/article.html?id=26
It looks like for a CSR that is not generated in the JSS for GSX, directions for generating the the key-pair are shown in Step 3
Posted on 09-17-2015 05:29 AM
Thanks Tom,
Did not see those instructions, but it won't work anyway, as when I dragged the cert into Keychain Access, the private key is missing.
Guess I gotta generate a new CSR and deal with Apple again.
Posted on 09-17-2015 06:04 AM
I was having the same issue, I contacted GSX Web Support and was told "The private key would have been created on your side when you created the CSR file.
If you do not have the private key you can create a new CSR and a new Private Key, and I will revoke the old Certificates and create new PEM files and send them back to you."
What we ended up doing was create a .p12 file from our privatekey submitted to GSX Web Support and the Applecare..pem file received back. You will need the password used to create the privatekey.
Instructions are located at https://www.tbs-certificates.co.uk/FAQ/en/288.html
I now have connection to GSX and have downloaded purchasing information on over 250 devices to verify.
Posted on 09-17-2015 06:05 AM
Ok, so I generated a new CSR..this time from the JSS, sent it to apple and this time they’re telling me the following:
"Certificate request is INVALID! The following errors must be addressed before submitting:
Organization is required
Invalid signature algorithm detected. Signature algorithm must use SHA-2 (Note: SHA-1 and MD5 are too weak and not supported).”
Ugh….
Posted on 09-17-2015 06:06 AM
matt.smalley posted an openssl command that could be used to create the p12 file at https://jamfnation.jamfsoftware.com/discussion.html?id=16640.
If that works for you, you could avoid generating another CSR.
Posted on 09-17-2015 06:13 AM
Thanks fellas.
I just found the initial CSR and private key that I generated way back in May, and ultimately sent to Apple.
If I sent them both files, I find it ridiculous they sent me a cert back that didn't contain the key.
Posted on 09-17-2015 07:22 AM
@mradams Thanks so much for info, we finally got ours working with your instructions. I to had contacted Apple again and they wanted to create new certs and what not.. Thank goodness I found this Jamf article before I had to redo all of that. Thanks again!
Posted on 09-17-2015 08:43 AM
ok, so I've managed to get the new cert from Apple and merged it with the private key created with the CSR. It's uploaded into JSS successfully, but when I test it, it fails. See below.
Any ideas? I've verified the sold-to account is correct.
Posted on 09-17-2015 08:45 AM
Verify the .pem received from Apple has the correct sold to account number in its name.
Posted on 09-17-2015 08:54 AM
It does, yet still fails.
Posted on 09-17-2015 12:17 PM
we go this sorted. The CN entry in the CSR had a typo. Once fixed and new cert created by Apple, all is well.
Unreal. For a company based on simplicity, Apple sure made GSX access a pain in the butt.