https Casper JSS certificate renewal?

Bernard_Huang
Contributor III

Hi all,

Our SSL certificate must have run out, as we have just noticed in the past few days that we get https crossed out in our browser when going to https://<our url>:8443. I'm seeing some of the JSS pages don't display properly, and when enrolling with Self Service, it always ends with a fail message (although the installation and enrolment had succeeded).

I have since tried to renew the certificate. I go to Computers > Management Settings > System Settings > Apache Tomcat Settings. I edit it, and choose "Change the SSL Certificate used for HTTPS > Generate a certificate from the JSS's built-in CA"... etc. After clicking through to the end, it says it will take effect after I restart Tomcat.

I did restart Tomcat, but afterwards, it looks exactly the same. https is still crossed out at browser URL.

Any suggestions?

bentoms
Release Candidate Programs Tester

@Bernard.Huang What you're seeing is "normal" for a self-signed certificate.

I'm guessing your JSS used to be signed with a cert from a 3rd party like DigiCert, Symantec or some such?

You have 2 choices really:

  1. Purchase & install a new 3rd party/external CA cert
  2. Stick with self-signed, & then make some JSS amendments to allow for that.

There is a 3rd thing, you might have used a self-signed cert & deployed to clients to sign the communication. But... Don't do that.

easyedc
Valued Contributor II

What version of the JSS are you using? Are you still getting failed messages when you try to enroll devices? We have 2 servers - internal and DMZ. When we renewed, the server.xml file on the DMZ server didn't update its location info for the internal server's SSL key. I had to copy the string from the internal to the DMZ and that brought everything back into line.

Bernard_Huang
Contributor III

Gentlemen,

Thanks for your input so far :)
Based on @bentoms's suggestion, I had to find out what certificate I had previously.
But upon looking, I see it's a jamfsoftware.com certificate. So it's internal.
What's more, the certificate expires in December 2017.

So, what could I be doing wrong? :(

Oh, and I'm using JSS version 9.82. I know it's old, but it's working.

easyedc
Valued Contributor II

@Bernard.Huang It's probably the self-signed cert generating that error. If you use a browser like Chrome or tools like https://www.sslshopper.com/ssl-checker.html it can provide where the trust fails, but it'll be something along the lines of self-signed certs aren't trusted.
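The thread turns on telling an expired certificate apart from one whose issuer the browser does not trust. The script below is an added example, not part of any post above; it assumes the `openssl` command-line tool is installed, and `classify_cert`, `make_samples` and the sample certificate names are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints why a certificate file would be
# rejected: unreadable | expired | trusted | self-signed | untrusted-issuer
# $1 = PEM certificate; $2 = optional CA file to trust in addition to the
# system store (a hypothetical parameter of this sketch).
classify_cert() {
  cert=$1
  openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return; }
  # -checkend 0 exits non-zero when notAfter is already in the past
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo expired; return
  fi
  # Match the "OK" line; old OpenSSL releases exit 0 even when verify fails
  if openssl verify ${2:+-CAfile "$2"} "$cert" 2>&1 | grep -q ': OK$'; then
    echo trusted; return
  fi
  # Not expired and not trusted: same subject and issuer means self-signed,
  # otherwise the issuing CA is simply absent from the trust store.
  subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
  if [ "$subject" = "$issuer" ]; then echo self-signed; else echo untrusted-issuer; fi
}

# Builds constructed sample certificates in directory $1: one self-signed
# server cert, plus a private CA and a server cert issued by that CA.
make_samples() {
  (
    cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=jss.example.test" -keyout selfsigned.key -out selfsigned.pem &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Constructed Built-in CA" -keyout ca.key -out ca.pem &&
    openssl req -newkey rsa:2048 -nodes \
      -subj "/CN=jss.example.test" -keyout leaf.key -out leaf.csr &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
      -CAcreateserial -days 2 -out leaf.pem
  ) >/dev/null 2>&1
}

# Stand-alone use: sh check_cert.sh served.pem [ca.pem]
if [ "$#" -gt 0 ]; then classify_cert "$@"; fi
```

To classify the certificate a live server presents, save it first with `openssl s_client -connect <our url>:8443 </dev/null | openssl x509 -out served.pem` and pass `served.pem` to the script.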