JSS Certificate Communication Problem

apple4ever
New Contributor

We have a signed certificate from GeoTrust on our JSS. So I enabled the new "Use certificate communication with JSS" setting. The warnings said nothing about ensuring that the clients can access the JSS with the certificate, only to ensure that the JSS has a valid certificate.

Well now a bunch of our 10.5 Macs can't connect to the JSS because they don't trust the certificate. I looked and the GeoTrust Root CA is not installed on there. I installed it on one, and now Safari doesn't give the untrusted message, but running jamf log still doesn't work.

Any ideas how I can fix this?

On a side note: after all of this, I just found the extension attribute to check for compatibility. I wish the documentation would have indicated to run that before enabling the setting.

4 REPLIES

apple4ever
New Contributor

I should also note that I tried the following command:

sudo /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Desktop/GeoTrust_Root.cer

That still didn't work.

donmontalvo
Esteemed Contributor III

FYI, another thread with a similar issue:

https://jamfnation.jamfsoftware.com/discussion.html?id=3761

Don

--
https://donmontalvo.com

ryan_yohnk
New Contributor II

I would keep an eye on the thread Don posted. It sounds like a very similar issue. While the command apple4ever posted will add the CA certificate to the System trust, curl on 10.5 uses a different list of trusted CAs. There's a post on the other thread about how to update the list of trusted CAs on 10.5 machines. Let us know if that helps.

Ryan

apple4ever
New Contributor

Yep, that was the problem. I had to actually manually add the root CA certs to the bundle, but once I did that and put it in the right place, it worked.

Thanks!
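
The fix described in the last post, as an added example that is not part of the original thread and not JAMF's or Apple's code: append a root CA to a PEM bundle of the kind curl reads, only if it is not already there, keeping a backup. The function names, file names and sample certificate bodies are constructed for illustration; the thread does not give the bundle's location, so it is passed as an argument.

```shell
#!/bin/sh
# Added example. Bundle and certificate paths are passed in by the caller;
# a DER-encoded .cer must first be converted to PEM
# (openssl x509 -inform der -in root.cer -out root.pem).

# Print one line per certificate in FILE: its base64 body, whitespace removed.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Succeed if the first certificate in CERT already appears in BUNDLE.
bundle_has_cert() {
    want=$(pem_bodies "$2" | head -n 1)
    [ -n "$want" ] || return 1
    pem_bodies "$1" | grep -qxF -e "$want"
}

# Append CERT to BUNDLE unless it is already there; keep a .bak copy.
bundle_add_cert() {
    if [ -z "$(pem_bodies "$2")" ]; then
        echo "no PEM certificate found in $2" >&2
        return 1
    fi
    if bundle_has_cert "$1" "$2"; then
        echo "already present in $1"
        return 0
    fi
    cp "$1" "$1.bak" || return 1
    { printf '\n'; cat "$2"; } >> "$1"
    echo "appended to $1"
}

# Constructed sample files (placeholder bodies, not real certificates).
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNU' 'RUQtUk9PVC1B' \
        '-----END CERTIFICATE-----' > "$1/bundle.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtUk9PVC1C' \
        '-----END CERTIFICATE-----' > "$1/root.pem"
}
```

Comparing normalized base64 bodies means a certificate already in the bundle is detected even when its lines are wrapped differently, so repeated runs do not grow the file.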