JDS Certificate Error

thoule
Valued Contributor II

I'm playing with JDS with the intent of swapping our storage at some point soon. So I set up a new JSS server in a VM. It is working well, I thought.

When I try to add the JDS to it, I get the following error. Any ideas? I guess I need to rebuild my self-signed certificate on my server, but I'm not quite sure how to do that...

##### Enter JDS and JSS information #####
JDS Hostname: jds1mydomain.edu
JSS URL: https://tuna.mydomain.edu:8443/
JSS Username: maint
JSS Password:
Allow untrusted SSL certificate? (y/n): y
error: (51) - SSL: certificate subject name (tuna Self Signed) does not match target host name 'tuna.mydomain.edu'

1 ACCEPTED SOLUTION

were_wulff
Valued Contributor II

@thoule

The JDS can’t actually use a self-signed certificate, so if that’s what we have, that’s what we need to take care of.

Since you’ve mentioned you set up a new JSS to test with this, if you go to System Settings >> Apache Tomcat Settings what do you see under “Issuer”?
If it says “self-signed”, that would be the problem.

We’ll need to either use the JSS’s built in CA or a third party certificate for the JDS to work.

Built-in is the easiest one to get in there, we just click Edit then Next until Next turns into Done, and restart Tomcat.

For a Third Party certificate, we have a general overview KB, but for the correct instructions you’d want to check the support section of the certificate vendor (they’ll usually have a Tomcat specific setup article), as they tend to have pretty specific instructions based on the type of certificate purchased.

Thanks!
Amanda Wulff
JAMF Software Support
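
The two conditions this thread turns on (a self-signed issuer, and a subject name that does not match the host name in the JSS URL) can be checked from a shell with the openssl CLI. This is an added example, not part of the original posts or of Jamf's tooling; the function names, file names and generated certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify a server certificate against the host name a client will use.
# To inspect a live server, save its certificate first, e.g.:
#   openssl s_client -connect HOST:8443 -servername HOST </dev/null | openssl x509 -out server.pem

diagnose_cert() {  # usage: diagnose_cert <cert.pem> <hostname>
    pem=$1; host=$2; result=""
    subj=$(openssl x509 -in "$pem" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$pem" -noout -issuer_hash) || return 2
    # Subject == issuer means self-issued: only the certificate itself vouches for it.
    if [ "$subj" = "$iss" ]; then result="self-issued"; fi
    # -checkhost runs OpenSSL's host name comparison against SAN entries (or the CN).
    if ! openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q "does match"; then
        result="${result:+$result,}name-mismatch"
    fi
    echo "${result:-ok}"
}

# Builds constructed sample certificates (not real JSS certificates) in directory $1.
make_constructed_certs() {
    dir=$1
    # Case 1: as in the thread, self-signed with a CN that is not the host name.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=tuna Self Signed" \
        -keyout "$dir/ss.key" -out "$dir/selfsigned.pem" 2>/dev/null
    # Case 2: a leaf for tuna.mydomain.edu issued by a separate constructed CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=tuna.mydomain.edu" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -set_serial 1 -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# Demo run on the constructed certificates.
demo=$(mktemp -d)
make_constructed_certs "$demo"
diagnose_cert "$demo/selfsigned.pem" tuna.mydomain.edu
diagnose_cert "$demo/leaf.pem" tuna.mydomain.edu
rm -rf "$demo"
```

A result of `ok` only means the certificate is CA-issued and names the host; whether the client trusts that CA still depends on the CA being in the client's trust store.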


3 REPLIES 3

thoule
Valued Contributor II

Thanks @amanda.wulff,
I knew I needed to rebuild the cert, but expected it to be command line and didn't think to look in JSS Tomcat settings. That did it.

geoffreykobrien
Contributor

I'm seeing the following error on a new install with 12.04.5
jamf@JAMF-JDS:/usr/local/jds/logs$ tailf jamf.log
2014-12-03 11:45:02,410 ERROR (60, 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none')
Traceback (most recent call last):
  File "/usr/local/jenkins/workspace/jamfds-build-release/label/Dodger/build/pyi.linux2/jamfds/out00-PYZ.pyz/jss_comm", line 81, in _perform
error: (60, 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none')
2014-12-03 11:50:01,981 INFO Checking for policies...
2014-12-03 11:50:02,295 ERROR Communication error with the JSS
2014-12-03 11:50:02,296 ERROR (60, 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none')
Traceback (most recent call last):
  File "/usr/local/jenkins/workspace/jamfds-build-release/label/Dodger/build/pyi.linux2/jamfds/out00-PYZ.pyz/jss_comm", line 81, in _perform
error: (60, 'server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none')