Institutional FileVault keychain

New Contributor II

Hi there,

I have made an institutional keychain but can't seem to upload it to my JSS. I am either not sure where to upload the certificate so that it shows up as a choice or perhaps I need to enable a permission to do so.



New Contributor II
New Contributor II

Hi Anne, in order to upload the certificate to the JSS, you will need to create a Disk Encryption Configuration object. You can find the configurations under Settings -> Computer Management -> Disk Encryption Configurations, and you will need the JSS user "Disk Encryption Configurations" privileges. Once you have a Disk Encryption Configuration, you can select the Recovery Key Type of either Institutional or Individual And Institutional and a new option will appear to upload the Institutional Recovery Key.

Note that you will need to export the key from the Keychain on your Mac. There is a KB article here showing this process, and the relevant admin guide page is here