Help

JSS SSL cert

Asnyder
Contributor III

Posted on ‎09-15-2017 01:22 PM

I've got a new JSS up and running. It's been going for a little over a month now. Everything was running fine but now https doesn't seem to be working. I get the ssl error every time I go to log into the server and some of my clients are getting the following:

Result of command:<br/>Getting management framework from the JSS...<br/>Enabling MDM...<br/>Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned -915 (Unable to contact the SCEP server at “https://casper.nfvschools.com:8443//CA/SCEP”.)<br/>Problem installing MDM profile.<br/>Problem detecting MDM profile after installation.

This week I started moving clients to the new server and I'm getting all kinds of issues. Some of them aren't getting MDM profiles because of this it seems. I've had teachers only on this server for about 2 weeks. Everything seemed okay so I started moving students and now I'm about neck deep in complaints.

Ideas?

0 Kudos
Reply
2 REPLIES 2

steveadams
New Contributor III

Posted on ‎09-17-2017 12:24 PM

I had the same problem with a new SSL certificate recently
I was seeing this SCEP error and not getting MDM profiles delivered on any clients not running macOS 10.12

Ended up being the root CA wasn't trusted by the OS apart from macOS 10.12, see if you're getting a similar pattern with your clients.

Check out https://support.apple.com/en-gb/HT202858

0 Kudos
Reply

alexjdale
Valued Contributor III

Posted on ‎09-18-2017 12:16 PM

Yeah, I had a similar issue and the solution was to explicitly trust the intermediate CA cert. The internal root CA cert was trusted and this works fine for everything else, but MDM SCEP didn't want to walk up the chain.

Apple makes you explicitly trust every CA cert at some point, it seems like. There's always some app or service that requires it.

0 Kudos
Reply