We already have a Config Profile that pulls Computer Certificates from AD for use in 802.1x. That works great under the current setup. I just learned that our developers have a server they log in to that works best with an AD User certificate for authentication. So I decided to build a separate Config Profile that is only there to pull a User Cert. I'm having difficulty getting this to work. Here's what I have:
General- "AD User Certificate"
Description: a basic description
Category: "Required Updates"
Distribution Method: I've tried both but currently it is "Make Available in Self Service"
Allow Removal: I've tried both, but currently it is on Yes
Level: Computer Level (since we aren't using user logins for Self Service)
It's all assigned by Computer.
AD Certificate-
Description: a simple description
Certificate Server: our cert server in FQDN format (the same as what we're using for Computer certs)
Certificate Authority: the proper CA name (the same as what we're using for Computer certs)
Cert Template: The proper template as provided by our CA admin
Cert Expiration notification: 30 days
Prompt for credentials: NO (but I've tried YES and it never prompts)
username and password: empty (the same as what we're using for Computer certs)
Allow access to all apps: YES
Allow export from keychain: NO
I've scoped to my Mac as a test with no limitations or exclusions.
I have basic Self Service info for testing purposes.
When I install from Self Service, I get an error: "There was a problem installing AD User Certificate. Contact your administrator". There are no errors in /var/log/jamf.log. In the system.log I only see:
--> Config Profile AD User Certificate failed with: Error Domain=JAMFSoftware/SelfService Code=20 "Quit and re-open Self Service to try again." UserInfo={NSLocalizedDescription=Quit and re-open Self Service to try again.}
I verified in System Preferences > Profiles that it is not installed. And I checked the various levels of the keychain and it's not there either.
What am I missing to get User Certs installed?
