9.8, GSX setup

hkabik
Valued Contributor

Got my certs uploaded, but when I run a test I get:

org.apache.http.conn.HttpHostConnectException: Connect to gsxapi.apple.com:443 [gsxapi.apple.com/17.151.129.22] failed: Connection timed out: connect

How do I know if this is on my end and I need to open something up internally, or if this is on Apple's end and they haven't whitelisted my IP yet?

Do they send an email specifically announcing the whitelist? I haven't received anything mentioning it yet.

1 ACCEPTED SOLUTION

hkabik
Valued Contributor

NM, Apple finally replied to my question.

Hello,

Your IP’s are not yet whitelisted.

IP whitelisting currently has a 7-10 day turn around time.

As soon as I have confirmation of the IP’s being whitelisted I will notify you.

View solution in original post

5 REPLIES 5

hkabik
Valued Contributor

NM, Apple finally replied to my question.

Hello,

Your IP’s are not yet whitelisted.

IP whitelisting currently has a 7-10 day turn around time.

As soon as I have confirmation of the IP’s being whitelisted I will notify you.

JHerrin
New Contributor II

I recently moved our JSS and I need to whitelist the new IP-Address, can I ask how you contacted apple to get your ip-address whitelisted?

zinkotheclown
Contributor II

@hkabik Did you generate a CSR from your JSS? Did you also have to send GSX a public key?

hkabik
Valued Contributor

I tried to generate a CSR from the JSS but Apple refused it because it had the extension certSigningRequest instead of CSR.

So I renamed it to a .csr extension and Apple refused it because it was giving them the following error:

"Certificate request is INVALID! The following errors must be addressed before submitting:
Organization is required
Invalid signature algorithm detected. Signature algorithm must use SHA-2 (Note: SHA-1 and MD5 are too weak and not supported).”

So I ended up just creating it manually using Java's keytool. Then imported the chain pem Apple sent back into the keystore and exported the .p12 and it uploaded into the JSS perfectly.

zinkotheclown
Contributor II

Thanks for that bit of info! I was confused on which cert to convert.