Cannot establish trust between the Client and the JSS - CA failing to load along with profiles

hunter990
Contributor

Hello, we are stuck and wanted to come here and ask.

We cannot get the CA cert to load onto a system thus no profiles or other APNs functions are working. Jamf Support mentioned that we need an intermediate cert that works with our SSL cert. We retrieved that and have the same issue. Support has insisted that the CA cert is not the issue itself but not positive if that is the case. The one recommendation is to nuke and pave the server which we are trying to avoid. All our ports are working 2195, 2196, 443 outbound - 443, 8443 inbound to the server. 5223 outbound from the clients. Communication both ways has been confirmed.

We are running behind a load balancer and the SSL cert is sitting both on the server and on the load balancer itself. The other option we are toying with is exporting the built in CA and having it uploaded as the SSL cert. Problem is I think our security team may not be agreeable on that one.

I just wanted to see if anyone had any thoughts.

3 REPLIES

mscottblake
Valued Contributor

Is your CA cert a private CA that's not natively trusted on macOS? If that's the case, you'll need to trust the cert on each client before enrollment. That's a shitty situation, but it can be done relatively easily with a custom QuickAdd that has a preinstall script to perform the trust.

JPDyson
Valued Contributor

It's not all that bad - I've never worked anywhere that the JSS was signed by an external CA, and you just package and deploy the CA (and intermediates if needed) as a part of deployment.

Is that you, Jeff? Would love to hear from you - drop me an email (jpdyson at the googley email place dot com)
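A sketch of the preinstall trust step described in the two replies above, as an added example that is not code from this thread or from Jamf. The certificate paths, the `DRY_RUN` switch and the function names are assumptions; the `security` subcommands are the stock macOS ones.

```shell
#!/bin/sh
# Preinstall sketch (added example): trust a private CA before enrollment.
# ASSUMPTION: the package stages these two PEM files; adjust the paths.
ROOT_CA="${ROOT_CA:-/private/tmp/org-root-ca.pem}"
INTERMEDIATE="${INTERMEDIATE:-/private/tmp/org-intermediate-ca.pem}"
KEYCHAIN="/Library/Keychains/System.keychain"

# Succeeds only if the file is readable and holds exactly one PEM certificate,
# so a bundle or a stray key file is never handed to the trust store.
is_single_pem_cert() {
    [ -r "$1" ] || return 1
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1") || true
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$1") || true
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ]
}

# With DRY_RUN=1 the command is printed instead of executed (hypothetical switch).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# install_cert root|intermediate /path/to/cert.pem
install_cert() {
    is_single_pem_cert "$2" || {
        echo "refusing $2: not a single PEM certificate" >&2
        return 1
    }
    case "$1" in
        # Root: add to the System keychain and mark it as a trusted root.
        root) run /usr/bin/security add-trusted-cert -d -r trustRoot -k "$KEYCHAIN" "$2" ;;
        # Intermediate: only needs to be present so the chain can be built.
        intermediate) run /usr/bin/security add-certificates -k "$KEYCHAIN" "$2" ;;
        *) echo "unknown role: $1" >&2; return 2 ;;
    esac
}

# Act only when running as root on macOS, as an installer preinstall would.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    install_cert root "$ROOT_CA" && install_cert intermediate "$INTERMEDIATE"
fi
```

Running it once with `DRY_RUN=1` on a test Mac shows the exact commands before anything is written to the System keychain.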

hunter990
Contributor

@JPDyson yup, it's me. Sorry to just reply now. You get busy and sometimes don't get back to threads that you start or comment in, lol. I'll work on dropping you a line here soon.