I followed the steps to create a CSR and have Apple sign said CSR as per this post:
I converted the signed cert to a .p12 format, Apple confirmed our IP was whitelisted, and I still cannot get the GSX connection to work.
I am using the following URI: https://gsxapi.apple.com/gsx-ws/services/am/asp
The error I get on testing is "Unknown Fault" with an XML stringout and a separate HTML stringout
<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:glob="http://gsxws.apple.com/elements/global"><soapenv:Header/><soapenv:Body><glob:Authenticate><AuthenticateRequest><userId>brian.mccarthy</userId><languageCode>EN</languageCode><userTimeZone>PST</userTimeZone><serviceAccountNo>0000898845</serviceAccountNo></AuthenticateRequest></glob:Authenticate></soapenv:Body></soapenv:Envelope>
<html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>Shield</center> </body> </html>
Any ideas on what I'm doing wrong?
@brian_mccarthy I just resolved a GSX-related issue with help from jamf support. Ended up having to get a renewed cert following the steps in the KB article. The issue was with the self-signed cert from the JSS, so we had to recreate via the command line.
The support guy told me this is one of those things that Apple does not give them access to, so you may need to schedule a webex with them to troubleshoot further.