Posted on 03-03-2013 06:54 AM
Hi all,
We're in the middle of our big JSS rearchitecture project. It's become apparent from Apple's doc's that I might have to upgrade the MDM certs on each of our currently registered clients to the new address we have for our JSS server. (We're attempting to manage clients outside of our internal network.).
The question now is do I have to update the currently existing MDM certificates on our computers so that they contact the right address? Currently 90% of them have certs with the old internal server name instead of our service address.
If I have to do that, is there any way to read into an extension attribute the address the current cert is looking for? I'll just scope a policy to replace the certs if the computer is pointing to the wrong place.
Posted on 03-03-2013 07:34 AM
Actually i've got the script. I'm now wondering how necessary it will be.
#!/bin/sh
# Script to check and report on an OS X device MDM certificate.
CurrentJSSURL=$( profiles -C -v | grep "organization:" | cut -d " " -f 4 )
if [ -z $CurrentJSSURL ];
then
echo "<result>No MDM Certificate</result>"
exit 0
fi
echo "<result>$CurrentJSSURL</result>"
exit 0