AD CS Connector error

buhruce
New Contributor II

When trying to deploy a PKI certificate we get this in the server logs:

We don't want to return an X509 Cert from a PKCS12 data blob

Anyone see this before? we are jamf hosted.

8 REPLIES 8

miles_gratz
New Contributor

We are seeing this issue too. What was the fix?

ejculpepper
Contributor

I'm seeing this in our server logs as well while testing AD CS, haven't had any luck finding a solution yet.

vpt
New Contributor II

I seem to have the same error in my logs but my computers are still getting the certificates. Are yours not getting installed?

lashomb
Contributor II

Seeing this as well for on prem. Not sure what the issue is here as the cert comes down.

jason_d
New Contributor III

I saw that error too when I first set up AD CS Connector, not very helpful. Do you see the requests coming through to your CA?

MacKobus
New Contributor II

Seeing this as well. We're not seeing the requests coming through our CA either.

rduarte
New Contributor II

Any fix for this? Can't get ADCS connector to deliver machine certs on behalf of CA

peter
New Contributor III
New Contributor III
We don't want to return an X509 Cert from a PKCS12 data blob

I can confirm that this specific error message in this case is just noise and not indicative of an actual error.

The majority of actual error logging for AD CS Connector requests will be in the com.jamfsoftware.jss.objects.pki.adcs package. If you enable debug logging for this package (or globally) then you should be able to see detailed logging of the request/response around Jamf Pro and AD CS Connector communication. Any unrecoverable errors are logged at the error level by default.

If Jamf Pro and the AD CS Connector are able to communicate then you should be able to see an error message returned by the AS CS Connector with a reason code that begins with "CR_DISP". If you don't see anything like that then there may be an issue with how the connection between Jamf Pro and the AD CS Connector is configured.