Just Created new APNS Cert for Internal JSS, how about DMZ JSS?
DMZ JSS is appliance (JSS tomcat) instance only connecting to internal JSS with main database.
I believe it has to be the same exact JAMFSignedCSR.plist from internal JSS and MDM_ JAMF Software, LLC_Certificate.pem for DMZ JSS.
I tried to use just a newly downloaded JAMFSignedCSR.plist and new MDM_ JAMF Software, LLC_Certificate.pem, and I got a message about a new "topic" having to re-enroll, Cancelled that right away.
I suppose just I need just the MDM_ JAMF Software, LLC_Certificate.pem
thx in advance
If you have an internal and a DMZ instance, they must be configured as a cluster. They also need to have the same host name record internally as well as externally. Finally, you will need an SSL certificate from a publicly verifiable authority like Symantec, Entrust, VeriSign, etc. This is the only way that your managed clients will be able to verify and trust the JSS both inside and outside the network.
It would be a good idea to ensure that all nodes can reach APNS. Configuration Profiles and device management commands are sent by the JSS that triggered them, not by the designated Master JSS.
You may have a case where a newly enrolled or reënrolled device's first encounter with the JSS is on the outside, and the DMZ will be the one generating the MDM payloads for that device.