Apple Education Support - User Images

luke_reagor
Contributor II

Can anyone shed some light on what I need to do when it comes to the 'Certificate Download' and 'Upload Additional Certificate' options?

I've went thorough all the docs I can find and the most helpful line is this:
"save the certificate in the appropriate location dictated by your web server vendor."

That just doesn't help me much.

I have our images on an apache2 web server and they working correctly using SSL. They are accessible inside our network and out. When I attempt to add our wildcard certificate as the 'Additional Certificate', I get a message that it has not been uploaded. You can see the process in the pics.

Does anyone had more detailed information on what to do with the certificate I get from the Download button and what certificate to upload as an Additional Certificate?

38f5b135aaf64253be0af5f436665366
1c20395a4d614b21be9e7b238a78d3b1
716e87286c88414a8d9ee69ff562b84c
5807ad2ef3d7489bac5d7631e52e818d

When I use the test button and use a valid url to a user image, I get this:
2e5b051bc6364b078175bf200048b260

12 REPLIES 12

russeller
Contributor III

@luke.reagor this was tricky, but I got it working. JAMF support provided me some documentation that got it all working for me. My first mistake was trying to get it working from a Win2012R2 server. Maybe it's possible but way beyond my understanding of certs. Once I spun up a Ubuntu VM and followed their directions I got it working. Once I get back to my desk I'll post them here.

Are you putting all your images in a single directory? Are the images named in a systematic way? Based on user ID or something similar?

luke_reagor
Contributor II

Yes, they're all in a single directory and named systematically. It's on an Ubuntu VM so hopefully the instructions you have will work for me too. πŸ™‚

russeller
Contributor III

Hey @luke.reagor,

Here is the document that was provided that helped me set up my Ubuntu VM: here

Ignore the last couple pages that are about setting up IIS (which doesn't work as of now, I think they were a work in progress). Also, don't forget (if you haven't already) when your setting up your URL on the settings pages you posted to put the appropriate variable at the end of the URL (including the extension). ex. https://imageserver.com/studentimages/$USERNAME.png

ASM Reference Here: Casper Admin Guide

russeller
Contributor III

dup

luke_reagor
Contributor II

@ssrussell, Thanks for the info. I already had that part working, so it didn't help with my specific issues. However, I did get some instructions from our TAM that helped further explain how to get the images working. Here's the document:

https://drive.google.com/open?id=0B1G0Rt4a6S4vTldNQ1JRWkVzaE0

Hopefully it may help others.

Unfortunately, this process has helped us discover a problem in our DB that is preventing us from uploading certificates, and therefore causing us to get the errors in the pics above.

Nix4Life
Valued Contributor

IIRC, there was an issue with uploading a .cer. The fix was renaming the .cer to .der to get it uploaded, not sure if it's relevant here, but worth a try

luke_reagor
Contributor II

@LSinNY, I gave it a try, but the upload box only accepts pem or p12. Thanks for the idea though. πŸ™‚

luke_reagor
Contributor II

To wrap up our issue, we found that a chrome extension was preventing us from performing certain actions on the JSS's webpages, including uploading the certs. Once we had the extension problem under control, we could get back to configuring the web server to host the images. While the JAMF photo server doc [https://drive.google.com/open?id=0B1G0Rt4a6S4vTldNQ1JRWkVzaE0](link URL) was extremely helpful, we are using haproxy for load balancing so we had to do things a little different to get it working on that server. Here's the instructions for the haproxy configuration : [https://drive.google.com/open?id=1O_gXyCguULy6Qw_oBA7glhkyQgDOGX4ljaOTqHEzXwA](link URL)

russeller
Contributor III

Hey @luke.reagor Off topic: I'm looking into using HAProxy in my environment. Can you post any resources that you used for setting up HAProxy for your JSS clustered environment? NBD if you just google-pieced it together I was planning on doing that.

luke_reagor
Contributor II

@ssrussell , I'll make a new topic for my haproxy config and tag you in it. That way it's a little better organized and easier to find for others. πŸ™‚

nethers
Contributor

Which certificate do you push to devices?

luke_reagor
Contributor II

@nethers We didn't push out any specific certs to clients for the photo server. We have two bind statements in haproxy, one for the standard 443 port ( bind :443 ssl crt /etc/ssl/our_wildcard_cert.pem ) which is our wildcard cert, and one for the port we use for the photo server ( bind :9999 ssl crt /etc/ssl/webcert_w_key.pem ca-file /etc/ssl/photoca.pem verify required ).