Posted on 11-10-2021 01:24 AM
Hi all,
I have a .pfx file with a password. It must be installed on all computers, but for the user's account, not the system.
So I deploy it to private/var/tmp and execute the command.
cd /private/var/tmp && security import Deploy_User.pfx -k ~/Library/Keychains/login.keychain -P \password
It works on my computer when I try to run it in Terminal. But in Jamf it did not work. It also did not copy my .pfx file to var/tmp.
But when I deploy from Self Service, everything is fine. Users can install from Self Service, and I can also see it in the login keychain. But I cannot deploy silently. I have lots of users, so I cannot tell everyone to install from Self Service.
So I need to force installation from Self Service for all users. Does anyone know how to do that?
Does anyone have another solution?
Posted on 11-10-2021 05:40 AM
@Beriuv Is this certificate common for all users, or unique for each? If it's common you could deploy a User Level Configuration Profile with a Certificate payload containing your certificate. You can set the Distribution Method to Install Automatically or Make Available in Self Service.
Posted on 11-11-2021 10:52 PM
It is not unique. The certificate is the same for all users. I must see our certificate in Keychain with login status.
This is a .pfx file with a password. You can see my config profile. It didn't work. Nothing is distributed. So I changed my decision and ran the command as you see in the first message. In Self Service, it is OK to install, and if I deploy this .pfx file to a user, the user must type sudo jamf policy. If not, the policy cannot apply.
You can also see my config profile.
General
Name Display name of the profile
Certificate - CONNECT_SSLVPN_USER
Description Brief explanation of the content or purpose of the profile
Category Category to add the profile to
Configuration Profiles
Level Level at which to apply the profile
User Level
Distribution Method Method to use for distributing the profile
Install Automatically
----------------------------------------------------------------------------------------
Certificate
Certificate Name Display name of the certificate credential
Connect_SSLVPN_User
CERTIFICATE
Upload Certificate
Filename
Connect_SSLVPN_User.pfx
Password Password used to secure certificate credentials
••••••••••••••••••••
Verify Password
••••••••••••••••••••
Allow all apps access
Allow all apps to access the certificate in the keychain
Allow export from keychain
Allow computer's administrators to export private key from the keychain
Posted on 11-12-2021 07:16 AM
@Beriuv Deploying a certificate to the user's login keychain should work. Does the management commands log show that there was an error deploying the profile? Does the .pfx you're deploying have the complete certificate trust chain for the final certificate (i.e. contains the root and any intermediate CAs if the issuing CA isn't one of Apple's pre-installed Global CAs)? And BTW, you probably shouldn't flag a certificate that's being used to authorize access to your VPN as exportable.
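The exportable-key point in the reply above, as an added example that is not part of the original thread: a small audit of an exported configuration profile that flags the two checkboxes shown in the poster's settings. It assumes the profile is an unsigned .mobileconfig plist and uses Apple's PKCS#12 payload keys (`KeyIsExtractable`, `AllowAllAppsAccess`); the sample profile, its placeholder contents and the function name are constructed for illustration.

```python
import plistlib

PASSWORD_FINDING = "PKCS#12 password is stored in the profile; treat the exported file as a secret"

# Constructed sample mirroring the settings shown in the thread.
# PayloadContent and Password are placeholders, not real credential material.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Certificate - CONNECT_SSLVPN_USER",
    "PayloadScope": "User",
    "PayloadContent": [{
        "PayloadType": "com.apple.security.pkcs12",
        "PayloadDisplayName": "Connect_SSLVPN_User",
        "PayloadCertificateFileName": "Connect_SSLVPN_User.pfx",
        "PayloadContent": b"placeholder-not-a-real-pkcs12",
        "Password": "placeholder-password",
        "AllowAllAppsAccess": True,
        "KeyIsExtractable": True,
    }],
})


def audit_identity_payloads(profile_bytes):
    """Return (payload name, finding) pairs for every PKCS#12 payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    scope = profile.get("PayloadScope")
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.security.pkcs12":
            continue
        name = payload.get("PayloadDisplayName", "<unnamed>")
        if scope == "System":
            findings.append((name, "System scope: identity will not land in the login keychain"))
        # Apple documents KeyIsExtractable as defaulting to true when the key is absent.
        if payload.get("KeyIsExtractable", True):
            findings.append((name, "private key is exportable from the keychain"))
        if payload.get("AllowAllAppsAccess", False):
            findings.append((name, "all apps are allowed to access the private key"))
        if "Password" in payload:
            findings.append((name, PASSWORD_FINDING))
    return findings


if __name__ == "__main__":
    for name, finding in audit_identity_payloads(SAMPLE_PROFILE):
        print(f"{name}: {finding}")
```
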
Posted on 11-15-2021 02:31 AM
When a user downloads from Self Service, which I prepared with a policy, the certificate is correct and we can see it in Keychain Access under login. But if I deploy it like this, as you can see, nothing changes and I also cannot see any log.
General
Name Display name of the profile
Certificate - CONNECT_SSLVPN_USER
Description Brief explanation of the content or purpose of the profile
Category Category to add the profile to
Configuration Profiles
Level Level at which to apply the profile
User Level
Distribution Method Method to use for distributing the profile
Install Automatically
----------------------------------------------------------------------------------------
Certificate
Certificate Name Display name of the certificate credential
Connect_SSLVPN_User
CERTIFICATE
Upload Certificate
Filename
Connect_SSLVPN_User.pfx
Password Password used to secure certificate credentials
••••••••••••••••••••
Verify Password
••••••••••••••••••••
Allow all apps access
Allow all apps to access the certificate in the keychain
Allow export from keychain
Allow computer's administrators to export private key from the keychain
Posted on 11-15-2021 06:40 AM
@Beriuv Have you checked System Preferences->Profiles on the target Mac to verify your Configuration Profile with the certificate actually installed? Unlike Computer Level profiles that install almost immediately there can be a delay before a User Level profile installs. You can speed up the issue somewhat by restarting the target Mac.