Posted on 05-08-2015 08:10 AM
Hello everyone,
Currently testing moving my JSS to a new box, with a new DNS, and I would like to update the built-in CA.
Old JSS: jss.domain.extra.com:8443
New JSS: casper.domain.com:8443
Tomcat has been updated to reflect casper.domain.com
I currently have the new JSS running (testing it) and when I go to Global Management > PKI > Built in CA > Download CA Certificate I get the old CA (jss.domain.extra.com).
How can I update that? I searched around on Jamf Nation and found no solutions. Thanks!
Posted on 05-08-2015 09:24 AM
The short answer is, you wouldn't really want to do this. Changing the CA would invalidate all of the certificates it's issued, breaking the trust between enrolled machines and the JSS.
When moving a JSS to a new box, with a new DNS name, I'd recommend starting with a fresh database.
Posted on 05-08-2015 09:29 AM
Breaking the trust would be fine and I really don't want to start a new database. Are there any guides on how to create a new CA?
Posted on 05-08-2015 09:55 AM
When you say breaking the trust would be fine, you do realize that would mean that devices would stop communicating with your JSS, right? Unless you're planning to re-image / re-enroll all of your devices after the change anyway, I would still highly advise against this.
I haven't seen anything posted publicly on how to reset the CA, I'm guessing because it has the opportunity to be so destructive. Have you tried opening a case with your TAM? They can probably help you with this.
Posted on 05-08-2015 10:00 AM
I'm 100% aware of the consequences. But, I'll just keep our old DNS and save myself the trouble.
Posted on 01-13-2016 04:36 AM
@kitzy Actually, for a project I'm working on (personal), I'd be interested in how to do this. My own use case is a JSS that doesn't actually have any computers enrolled into it.