JAMF binary could not connect to the JSS because the web certificate is not trusted?

Poseiden951
Contributor

Hi JAMF Nation!

After using Casper Imaging, I run into a couple of issues.

1) The Mac's do not enroll into the JSS Take that back. It shows up in the JSS as unmanaged, that's about it.

Running sudo jamf policy manually in terminal gives this error: JSS Username: xxxx
JSS Password: xxxx (admin pass and username on JSS)
SSH Username:xxxx
SSH Password:xxx
Downloading required CA Certificate(s)...
2015-03-09 15:06:35.214 jamf[980:3523] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9812)
2015-03-09 15:06:35.244 jamf[980:3523] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9812)

There was an error.

Error enrolling computer: Unable to establish trust with the JSS - The jamf binary could not connect to the JSS because the web certificate is not trusted.

I even restarted the Tomcat and MySQL servers.

2) The management account doesn't show, but it shows in Casper Admin

3) Mac's do not bind to AD after imaging. We have the directory binding set in the JSS and it's the first thing after "Prepare First Run Script".

Any help would be greatly appreciated JAMF!

43 REPLIES 43

shibao_si
New Contributor II

@dfracassa have you solved this ? after upgrade to jamf pro we are having the same issue

dfracassa
New Contributor III

No never fixed, still an issue! Call support and they were useless they told me to use SSL cert which I am not gonna do for internal Corporate usage.

dfracassa
New Contributor III

@shibao_si forgot the tag

pluksch
New Contributor

I have JSS version 9.101.0-t1504998263. I was getting same error as above "The jamf binary could not connect to the JSS because the web certificate is not trusted.

I have changed my Settings>System Settings>Apache Tomcat Settings and changed my cert to a 3rd party cert which the JSS loaded fine and is good until 2020. I then restarted the Tomcat service.

I have verified my Settings>Computer Management>Security and it has Enable certificate-based authentication checked, Enable push notifications checked, SSL Cert Verification is "Always except during enrollment", Package validation "When checksum is present"

Changing all this before never changed my result.

I tried the suggest command sudo jamf trustJSS and the only difference I have now is "Downloading required CA Certification(s). There was an error. Message has no content.

Now all the sudo jamf policy/manage/recon commands result in "There was an error. Message has no content"

I also went to SSLShopper and my 3rd party cert checks out fine.

Any suggestions?

UPDATE: I was having a certificate issue on an internal firewall. Problem has been resolved. I was being assured that the firewalls were running the proper certificate. Hope this may help someone else.