Another tomcat cert posting

Kedgar
Contributor

Hello,

I have a ticket with JAMF open. We have been having a large number of issues lately, and I decided to drop our old Casper infrastructure and do a total overhaul. So I have a brand new manually installed JSS (on RHEL). The main issue I'm having at this point is that the Tomcat cert doesn't seem to be working properly.

What I mean by this is that I have created a new Java keystore and have imported signed Tomcat and root certs signed by my AD CA. Browser-wise everything seems to be working fine; however, I start to see things fall apart when I try enrolling my JDS and running the jamfds policy command. It says that the cert is bad... the server name either does not match, or it isn't signed. The other place I see a problem is in the Tomcat Settings page where there should be specifics about the cert, see attachment.

Has anyone run into this issue? Do you have any suggestions?

1 ACCEPTED SOLUTION

Kedgar
Contributor

We are using certs signed by our Active Directory CA. I figured out that the issue was regarding the server naming as I had thought. This is no longer an issue. I needed to set the name on the cert to match the CNAME of our JSS... this was the cause.

4 REPLIES

Not applicable

Does it say something like "JAMF binary could not connect to the JSS because the web certificate is not trusted?"

I've been having that issue lately and can't figure out why.

Kedgar
Contributor

What happens is that the JDS seems to enroll fine; however, on the JSS, it shows up as "No Name". Then on the JDS, I run "jamfds policy" and receive "The SSL certificate is invalid. Verify that it is not self-signed or expired, and that the hostname matches."

My naming is as follows:

JDS:
appjds.schoolspecialty.com. 3600 IN CNAME sirius.in.schoolspecialty.com.
sirius.in.schoolspecialty.com. 3600 IN A 10.13.53.38

JSS:
jss.schoolspecialty.com. 3600 IN CNAME voldemort.in.schoolspecialty.com.
voldemort.schoolspecialty.com. 3600 IN A 10.13.53.43

I'm using the CNAMEs for everything, not sure if that is an issue or not. However I receive the same error when using the A record names.

bentoms
Release Candidate Programs Tester

@Kedgar Self signed cert? & does the main URL have a valid cert (self signed or not)?

Kedgar
Contributor

We are using certs signed by our Active Directory CA. I figured out that the issue was regarding the server naming as I had thought. This is no longer an issue. I needed to set the name on the cert to match the CNAME of our JSS... this was the cause.
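
The accepted fix above, shown as an added example that is not part of the thread: a TLS client compares the name it was configured with (here the CNAME) against the names in the certificate, whatever DNS resolves that name to. The script builds two constructed self-signed certificates using the thread's host names and checks each with `openssl x509 -checkhost`; the helper names, and the assumption that the original certificate carried only the machine name, are illustrative. It needs OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example. Host names come from the thread; the certificates are
# constructed throwaway test data, not the poster's real certificates.

# make_cert OUT_PEM NAME...: self-signed cert whose SAN lists every NAME
make_cert() {
    out=$1; shift
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$out.key" -out "$out" \
        -subj "/CN=$1" -addext "subjectAltName=$san" 2>/dev/null
}

# cert_matches_host PEM HOSTNAME: exit 0 only if the cert is valid for HOSTNAME
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# To test a live server instead, save its certificate first (HOST:PORT is a placeholder):
#   openssl s_client -connect HOST:PORT -servername HOST </dev/null | openssl x509 > live.pem

url_name=jss.schoolspecialty.com             # name clients are configured with (CNAME)
host_name=voldemort.in.schoolspecialty.com   # machine name the CNAME points to

tmp=$(mktemp -d)
make_cert "$tmp/before.pem" "$host_name"              # assumed original: machine name only
make_cert "$tmp/after.pem"  "$url_name" "$host_name"  # reissued: includes the CNAME

for c in before after; do
    for h in "$url_name" "$host_name"; do
        if cert_matches_host "$tmp/$c.pem" "$h"; then r=OK; else r=MISMATCH; fi
        printf '%-6s cert, client uses %-34s %s\n' "$c" "$h" "$r"
    done
done
rm -rf "$tmp"
```

Only the "before" certificate checked against the CNAME reports MISMATCH, which is the case the JDS error message describes.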