Jamf Nation Community

Thanks for posting that @snowfox. I just ran into that today with my AS machine. Since I’m new to user-initiated enrollment, what’s the purpose of the CA profile?

The MDM profile gets installed first and a (CA) Certificate Authority certificate then gets installed. The CA certificate establishes the trust relationship between your Mac and the MDM server. It only happens either via Automated Device Enrolment or User Initated Enrolment. Without it your workstation won't communicate with the MDM server or trust it or anything that might download from it.

Interesting. Til now I’d enrolled with QuickAdd packages and it never installed a CA profile. Also, I’d used Mosyle in the past and their user-initiated enrollment just installed the MDM profile with no CA that I could see.

When you click on the green word 'Verified' in the MDM profile on the Workstation, it will display the trusted certificate chain in a drop down window. The CA is not an actual listed config profile. The CA certificate is usually the root certificate in the chain and it is usually 'YourOrganisation JSS Built-in Certificate Authority'. Or it can be an external CA if you purchased and installed one on your Jamf Pro.

At least in Big Sur on my Apple Silicon MacBook Air, the CA Certificate does indeed show up as a User-level profile.

I am not using a Quick Add package just a log in screen and an assignment screen like these