
https Casper JSS certificate renewal?

  • August 10, 2016
  • 4 replies
  • 32 views


Hi all,

Our SSL certificate must have run out, as we have just noticed in the past few days we get https crossed out in our browser when going to https://<our url>:8443. I'm seeing some of the JSS pages don't display properly, and when enrolling with Self Service, it always ends with a fail message (although the installation and enrolment had succeeded).

I have since tried to renew the certificate. I go to Computers > Management Settings > System Settings > Apache Tomcat Settings. I edit it, and choose "Change the SSL Certificate used for HTTPS > Generate a certificate from the JSS's built-in CA"... etc. After clicking through to the end, it says it will take effect after I restart Tomcat.

I did restart Tomcat, but afterwards, it looks exactly the same. https is still crossed out at browser URL.

Any suggestions?

4 replies

bentoms
  • Hall of Fame
  • August 10, 2016

@Bernard.Huang What you're seeing is "normal" for a self signed certificate.

I'm guessing your JSS used to be signed with a cert from a 3rd party like DigiCert, Symantec or some such?

You have 2 choices really:

  1. Purchase & install a new 3rd party/external CA cert
  2. Stick with self-signed, & then make some JSS amendments to allow for that.

There is a 3rd thing, you might have used a self-signed cert & deployed to clients to sign the communication. But... Don't do that.


easyedc
  • Esteemed Contributor
  • August 10, 2016

What version of the JSS are you using? Are you still getting failed messages when you try to enroll devices? We have 2 servers - internal and DMZ. When we renewed, the server.xml file on the DMZ server didn't update its location info for the internal server's SSL key. I had to copy the string from the internal to the DMZ and that brought everything back into line.


  • Author
  • Valued Contributor
  • August 10, 2016

Gentlemen,

Thanks for your input so far :)
Based on @bentoms' suggestion, I had to find out what certificate I had previously.
But upon looking, I see it's a jamfsoftware.com certificate. So it's internal.
What's more, the certificate expires in December 2017.

So, what could I be doing wrong? :(

Oh, and I'm using JSS version 9.82. I know it's old, but it's working.


easyedc
  • Esteemed Contributor
  • August 11, 2016

@Bernard.Huang It's probably the self-signed cert generating that error. If you use a browser like Chrome or tools like https://www.sslshopper.com/ssl-checker.html it can provide where the trust fails, but it'll be something along the lines of self-signed certs aren't trusted.
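
A local way to see where trust fails, as an added example that is not part of the original thread: the function below uses the `openssl` CLI to tell an expired certificate apart from a self-signed one and from one issued by a CA the client does not trust. The host name `jss.example.test`, the file names and the sample certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify why a client would distrust a server certificate (added example).
# Capture the served cert from a live server (host is a placeholder):
#   openssl s_client -connect jss.example.test:8443 </dev/null 2>/dev/null \
#     | openssl x509 > served.pem

# diagnose_cert PEM [CA_BUNDLE] -> prints one word describing the result
diagnose_cert() {
  pem="$1"; ca="${2:-}"
  if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
    echo "unreadable"; return
  fi
  # -checkend 0 fails when notAfter is already in the past
  if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
    echo "expired"; return
  fi
  # Verify against the system store, plus CA_BUNDLE when one is given
  if openssl verify ${ca:+-CAfile "$ca"} "$pem" >/dev/null 2>&1; then
    echo "trusted"; return
  fi
  # Same subject and issuer name: the certificate vouches for itself
  if [ "$(openssl x509 -in "$pem" -noout -subject_hash)" = \
       "$(openssl x509 -in "$pem" -noout -issuer_hash)" ]; then
    echo "self-signed"
  else
    echo "untrusted-issuer"
  fi
}

# make_samples DIR: constructed certs (private CA, a leaf it issued, a self-signed cert)
make_samples() {
  d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=jss.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=selfsigned.example.test" \
    -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d); make_samples "$tmp"
  for f in self leaf; do echo "$f.pem: $(diagnose_cert "$tmp/$f.pem")"; done
  echo "leaf.pem, CA supplied: $(diagnose_cert "$tmp/leaf.pem" "$tmp/ca.pem")"
fi
```

A result of `untrusted-issuer` that turns into `trusted` once the issuing CA certificate is passed as the second argument means the certificate itself is valid and the client simply lacks that CA in its trust store.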