Help

Deploy Cisco Umbrella Root Certificate via JAMF

Go to solution
shikhartodaria
New Contributor II

Posted on ‎07-14-2023 03:08 AM

Can anyone help me out in figuring out how to Cisco Umbrella Root Certificate via JAMF. 

 

The link from Cisco only shows how to deploy the certificate on a single machine.

Install the Cisco Umbrella Root Certificate

Any help would be really helpful.

 

Thanks

0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-14-2023 06:02 AM

Deploy it in a Configuration Profile. Add the "Certificate" payload into the profile, and you'll have an option to select the certificate (.cer or otherwise) from your device and add it to the profile. Set any of the other options in the payload you need to. It can then be scoped and pushed to any Macs you want.

Just keep in mind if the profile becomes removed from the Mac, the certificate will get removed as well. It's not the same as if it got installed manually or via a script, but I don't recommend going the scripted way anymore. Pushing it in a profile is easy, nearly instantaneous and sets the trust for the certificate properly.

View solution in original post

Go to solution
AJPinto
Honored Contributor II

Posted on ‎07-17-2023 04:46 AM

We recently moved away from Cisco AnyConnect and its family of products. Thank god. I always found Ciscos documentation to be miserable and not maintained, and their support to be lacking. Which is egregious for the size of company Cisco is.

 

In any event, to deploy any certificate to macOS you would use a Configuration Profile.

 

AJPinto_0-1689594275120.png

AJPinto_1-1689594375960.png

AJPinto_2-1689594385565.png

AJPinto_3-1689594405276.png

 

 

View solution in original post

4 REPLIES 4

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-14-2023 06:02 AM

Deploy it in a Configuration Profile. Add the "Certificate" payload into the profile, and you'll have an option to select the certificate (.cer or otherwise) from your device and add it to the profile. Set any of the other options in the payload you need to. It can then be scoped and pushed to any Macs you want.

Just keep in mind if the profile becomes removed from the Mac, the certificate will get removed as well. It's not the same as if it got installed manually or via a script, but I don't recommend going the scripted way anymore. Pushing it in a profile is easy, nearly instantaneous and sets the trust for the certificate properly.

Go to solution
AJPinto
Honored Contributor II

Posted on ‎07-17-2023 04:46 AM

We recently moved away from Cisco AnyConnect and its family of products. Thank god. I always found Ciscos documentation to be miserable and not maintained, and their support to be lacking. Which is egregious for the size of company Cisco is.

 

In any event, to deploy any certificate to macOS you would use a Configuration Profile.

 

AJPinto_0-1689594275120.png

AJPinto_1-1689594375960.png

AJPinto_2-1689594385565.png

AJPinto_3-1689594405276.png

 

 

Go to solution
shikhartodaria
New Contributor II

Posted on ‎07-20-2023 04:40 AM

Thanks, guys, for the help. I was able to deploy the cert using a configuration profile but somehow, i am not able to redeploy it if the cert has been deleted from the machine. I have tried both smart group and manual device add but if the cert is deleted, it does not redeploy. The distribution method is set as install automatically.

0 Kudos

Go to solution
mm2270
Legendary Contributor III
In response to shikhartodaria

Posted on ‎07-20-2023 04:59 AM

To redeploy a cert that was deployed from a profile if it was deleted, you need to remove the Mac from the scope of the profile and then re-add it. Easiest way to do this is to add the Mac to the Exclusion tab in the scope section, save, then, remove it from the exclusion and save again. In between these steps you might need to wait until the Mac has successfully removed the profile before removing it from the exclusion section. 

The other option is to repush it to all devices in scope. That would send the profile out again to all machines, even if they already have it. 

0 Kudos