Adding Comodo CA certs to machines after reimaging

gmce87
New Contributor III

Hi, I'm looking to get an idea of how others are managing the installation of any required third-party CA certs during reimaging.

Our org uses a wildcard certificate from Comodo to validate our JSS identity. It seems that a number of our machines are missing the Comodo RSA Organization Validation Secure Server CA intermediate certificate, they all seem to get Comodo's root cert with no issue, but since they lack the intermediate one, they can't validate the identity of our JSS and our machines are unable to get their config profiles. Once the cert gets installed, the server identity is validated and profiles get installed happily.

I'd gotten around this previously by deploying the certificate via a policy which sends the cert to the JAMF folder in Application Support, and then runs a script to add it to the system keychain. I've tried adding this policy as part of the Casper Imaging configuration after the OS imaging is completed, however my colleague's advised me that it doesn't appear to have worked and he's had to download and install the certificate manually instead.

What methods are you folk using for getting necessary certificates onto your machines if you're unable to deploy them via a config profile?

Thanks

1 REPLY 1

Cornoir
Contributor II

we add 15 certs via a mobileconfig file during imaging