Installing internal root ca cert to sign JSS cert.

bentoms
Release Candidate Programs Tester

Hi all,

We have an internal CA. That in turn has created a cert for our JSS.

Our base images are created from the installer packages in Casper admin. (like an InstaDMG image).

If we tell the clients that the JSS has a valid cert, the devices cannot verify the cert as they do not have the root CA cert installed.

So, would creating a custom PKG that installs the root CA cert & trusts it, with the pkg being installed at the OS compile, resolve this issue?

1 ACCEPTED SOLUTION

bentoms
Release Candidate Programs Tester

I successfully managed to do this, but have since purchased a public SSL cert for my JSS authentication.

This then deploys my company's root CA cert etc.

4 REPLIES 4

bentoms
Release Candidate Programs Tester

Sorry that made little sense.

If I tell the JSS it has a valid cert. @ build the client will not verify the cert as it does not trust the CA.

So would installing the CA as part of the image resolve this?

Matt
Valued Contributor

I lay down a package that puts the certs in a temp folder, then I used to do a script that injected certs on first login of each user (including a policy flush post imaging, of course); now I use the configuration profile. I don't know if that would work for you or not.

bentoms
Release Candidate Programs Tester

Thanks Matt.

But if your clients expect the JSS to have a valid cert, yet they do not have the root CA installed.

Does the first run policy fail as the client doesn't trust the jss?

bentoms
Release Candidate Programs Tester

I successfully managed to do this, but have since purchased a public SSL cert for my JSS authentication.

This then deploys my company's root CA cert etc.
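
One way to script the package approach discussed in this thread, as an added example that is not code from any of the posters: a package postinstall script that trusts the internal root CA in the System keychain with macOS's `security add-trusted-cert`. The staging path, the function and variable names, and the assumption that it runs as root on the booted client are assumptions of this example.

```shell
#!/bin/sh
# Added example: postinstall script for a package whose payload has already
# placed the internal root CA certificate at CERT_PATH (hypothetical path).
# Assumes it runs as root on the booted client.
CERT_PATH="${CERT_PATH:-/private/tmp/internal-root-ca.pem}"
KEYCHAIN="${KEYCHAIN:-/Library/Keychains/System.keychain}"
SECURITY_BIN="${SECURITY_BIN:-/usr/bin/security}"   # overridable for testing

# Return 0 only if the file is readable and holds exactly one PEM certificate,
# so a bundle with extra certificates is never trusted by accident.
is_single_pem_cert() {
    [ -r "$1" ] || return 1
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    [ "$count" -eq 1 ]
}

# Add the certificate to the given keychain as a trusted root.
install_root_ca() {
    cert="$1"
    keychain="$2"
    if ! is_single_pem_cert "$cert"; then
        echo "refusing: $cert is not a single PEM certificate" >&2
        return 1
    fi
    # -d: admin (system-wide) trust settings
    # -r trustRoot: trust the certificate as a root CA
    # -k: keychain to add the certificate to
    "$SECURITY_BIN" add-trusted-cert -d -r trustRoot -k "$keychain" "$cert" || return 1
    # Do not leave the staged copy behind in the temp folder.
    rm -f "$cert"
}

main() {
    install_root_ca "$CERT_PATH" "$KEYCHAIN" || exit 1
    exit 0
}

# The installer passes arguments to a postinstall script; when run with none
# (for example when sourced for testing), only the functions are defined.
if [ "$#" -gt 0 ]; then
    main
fi
```

The script has to run before the client is told to verify the JSS certificate, otherwise the first connection to the JSS fails validation in the way the thread describes.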