Help

Mountain Lion Cert issues via profiles

AdamH
New Contributor II

Posted on ‎01-04-2013 11:40 AM

OK... so Casper being able to push out SCEP Certs via Profiles has been tremendously helpful in our environment. So going to Lion has been a great move. However, now that I'v moved to Mountain Lion (or testing going to it), its working different. The user cert that it was pulling down before is now going into the user keychain AND the SYSTEM keychain.
So now when another user logs in, they're using the previous user's cert.

Has anyone seen this behavior in Mountain Lion yet?

0 Kudos
Reply
3 REPLIES 3

glutz
New Contributor III

Posted on ‎01-04-2013 12:31 PM

We have been working with JAMF on SCEP Profiles for some time and that has not been an experience we have had yet. What do you see in the Management History? Are you seeing two separate Profiles running? Did you create the profile and upload it? if you did you are able to create multiple cert requests in one.

0 Kudos
Reply

colonelpanic
Contributor

Posted on ‎01-04-2013 01:12 PM

do you need to use scep? or could you use the AD cert request plugin that comes with 8.62? It might be called something slightly different, I can't look it up right now since I just took our 8.62 server offline to run diagnostics, but that's what we use and we have never had a problem with user certificates.

best of luck!

0 Kudos
Reply

AdamH
New Contributor II

Posted on ‎01-07-2013 06:38 AM

This is a cert profile that was crated through the JAMF GUI rather than uploaded. In Lion it would work as expected, a user logs in, it gets the cert and allows access to the internal WiFi- then the wifi is available to each user using their own cert. On out test M-Lion build, the first person to log in has a cert created and its fine- works. Then the next person will log in and the Wifi won't work because its trying to use the other user's cert which doesn't match the current person logged in. The current user has the right cert, so the management history shows everything working as usual, but the previous user has a personally named cert in the system keychain.

We're currently on 8.6.... but if 8.62 can use AD certs.... that may help us streamline the procedure.

0 Kudos
Reply