Help

Jamf ADCS connecter not working due to missing client auth config

Kalpeshw
New Contributor III

Posted on ‎08-17-2024 11:46 AM

I have installed ADCS connecter to get PKI certs on mac devices.
After everything correctly configured found that JAMF cloud is communication was rejected by ADCS connecter server. IIS logs shows error code 403.7 this error code generally talks about missing/incorrect client cert.

when I looked into IIS settings from:
"IIS>ADCSProxy website >Configuration Editor>system.webServer > security > authentication >iisClientCertificateMappingAauthentication" 

iisClientCertificateMappingAauthentication config is as below:

  • Enabled --> False
  • oneToOneCertificateMappingsEnabled-->True
  • oneToOneMappings-->(Count=0)

My question is it expected behavior? do I have to manually add the client cert details in IIS iisClientCertificateMappingAauthentication? Ideally certificate connecter installation should have been taken care of this.

 

 

 

 

 

 

0 Kudos
Reply
2 REPLIES 2

halesmin
New Contributor II

Posted on ‎08-20-2024 10:42 AM

@Kalpeshw wrote:

I have installed ADCS connecter to get PKI certs on mac devices.
After everything correctly configured found that JAMF cloud is communication was rejected by ADCS connecter server. IIS logs shows error code 403.7 this error code generally talks about missing/incorrect client cert.

when I looked into IIS settings from:
"IIS>ADCSProxy website >Configuration Editor>system.webServer > security > authentication >iisClientCertificateMappingAauthentication" 

iisClientCertificateMappingAauthentication config is as below:

  • Enabled --> False
  • oneToOneCertificateMappingsEnabled-->True
  • oneToOneMappings-->(Count=0)

My question is it expected behavior? do I have to manually add the client cert details in IIS iisClientCertificateMappingAauthentication? Ideally certificate connecter installation should have been taken care of this.

 

The behavior you're encountering with the iisClientCertificateMappingAuthentication settings and the 403.7 error code suggests that there might be an issue with client certificate authentication.

0 Kudos
Reply

Kalpeshw
New Contributor III
In response to halesmin

Posted on ‎08-20-2024 11:18 AM

  • Onetoonemapping cert now appeared in IIS after multiple reboots on the server.
  • Validated serial numbers of client certificate in jamf ADCS connecter and uploaded certificates on jamcloud. Certificate serial numbers are matching
  • Cleanup old dns records of ADCS connecter server to isolate any dns issue.
  • Validated client certificate mapping in IIS to confirmed that IIS is presenting correct client certificate for SSL handshake (IIS cert validation path system.webServer > security > authentication > iisClientCertificateMappingAauthentication> oneToOneMappings)
  • As per Jamf support changed IIS SSL settings to accept the client certificate and issue persist.

It still shows issue in IIS as error code 403.7 64

0 Kudos
Reply