Posted on 02-05-2013 05:12 AM
Moving my JSS Mac to Linux (xserve is on its last leg) and wanted to know what you guys thought.
(No iOS devices at the moment slight change over so just macs, hence why perfect time)
- Change out the URLs?
- QuickAdd package and deploy to all machines
What do you guys think?
Posted on 02-05-2013 05:57 AM
Issue your SSL certificate for your new server with your old server's FQDN as a SAN. Then when you're ready to cutover, issue a DNS alias. Hosts will hit the DNS alias and go to your new server. You can then use a policy to correctly over-write the JSS settings so they're hitting your new server directly.
Did this at my last job and it worked a treat.
TEST. TEST. TEST.
Posted on 02-05-2013 06:09 AM
Last week I migrated our JSS from an Xserve (early 2008) to a Mac mini server (Mid 2011). The host name for the server was Device001.domain.edu with a static IP. Our network team had set up an alias to jss.domain.edu to that IP when we first started using CasperSuite. The newer Mac mini has a hostname of Device999.domain.edu with a different static IP. All of the clients have been configured to connect to jss.domain.edu.
All the clients now report to the newer server, without any changes to the client. The only data that got missed was any inventory reports that were submitted during the time the jss alias wasn't "alive".
Both the Xserve and the new Mac mini are using the built-in JAMF certificate. Next I have to work on getting a real cert from an external vendor. I am not sure what would have happened if the original server had a certificate assigned to device001.domain.edu and then made the migration.
Page 39 of the Casper Suite 8.6 Admin Guide has some more info.
Posted on 02-05-2013 06:43 AM
Thanks guys
Okay just nervous, hence why I am asking. I know the science just want the experience. I am moving to a new domain that coincides with our wild card certificate.
Going from domain1.subdomain.domain.com to domain1.domain.com, getting rid of that subdomain part so we can use our wildcard cert.
Hence the questions.
@jarednichols don't think that would work with me since I am using this new SSL cert eh?
Posted on 02-05-2013 03:27 PM
If you wildcard *.domain.com it should. I've not worked with wildcard certs, however. I'm generally not a fan of them, but I understand their appeal.
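Added example (not part of any post in this thread): a pre-cutover check that every name clients will connect to is covered by the new certificate's SAN list. It applies the standard hostname-matching rule that a wildcard stands for exactly one left-most label. The host names are the ones quoted in the thread; the function names are hypothetical.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname.

    A '*' is honoured only as the entire left-most label, and it
    covers exactly one label (RFC 6125 style matching).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Label counts must be equal: a wildcard never spans two labels
    # and never matches the bare parent domain.
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Need at least "*.<domain>.<tld>", then compare the rest exactly.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_names(sans, client_names):
    """List the names clients use that no SAN entry covers."""
    return [n for n in client_names
            if not any(san_matches(s, n) for s in sans)]


if __name__ == "__main__":
    # Names from the thread: the old FQDN clients are enrolled with,
    # and the new FQDN under the wildcard.
    clients = ["domain1.subdomain.domain.com", "domain1.domain.com"]

    wildcard_only = ["*.domain.com"]
    wildcard_plus_old = ["*.domain.com", "domain1.subdomain.domain.com"]

    print("wildcard only     ->", uncovered_names(wildcard_only, clients))
    print("wildcard + old SAN ->", uncovered_names(wildcard_plus_old, clients))
```

Any name the check reports as uncovered will fail hostname verification on clients still pointed at it through a DNS alias, so it has to be added as an explicit SAN or the clients re-pointed before the cutover.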
Posted on 02-05-2013 04:14 PM
Be careful if you are going to change the JSS URL!!!!
No need to worry if it is only a server name change and DNS alias is pointing to the new server.
I was going to change our DEV environment to PROD and had this issue. At the end I have created a new database for the PROD and started from scratch.
If you are changing your JSS URL, please check this to see if you get any issues with the certificates:
We've seen the new server CAs having the old server's URI details;
e.g. the URI field of the CA shows:
```
URI https://oldjssurl:8443//CA/JAMFCRLServlet
```
To rectify this CA cert issue, I did 'truncate table certificate_authority_settings' of the JSS Database and upon restarting Tomcat it created the CA automatically. Then I did the "Replace with certificate from the JSS's built-in CA" step.
BUT
doing this caused all my Configuration Profiles to say Unverified, even on newly imaged machines.
Please check this and get JAMF engineers involved if you are going to change the JSS URL.
Posted on 06-22-2015 08:21 AM
Hi @Kumarasinghe .
I have to resurrect this old post.
I've hit the same problem mentioned in this post.
I had to rebuild my JSS server from scratch. I restored the MySQL database and now I'd like to reset the internal CA.
In the PKI settings there isn't any option to rebuild it. Do I have to follow [THIS](https://jamfnation.jamfsoftware.com/article.html?id=115) procedure?
Thanks to all.
Jack
Posted on 06-22-2015 10:20 PM
@Jachk In your JSS go to Settings>System Settings>Apache Tomcat Settings>Edit>Change the SSL certificate used for HTTPS>Generate a certificate from the JSS's built-in CA then restart Tomcat.
That should generate a new JSS in-built CA cert.
Posted on 06-29-2015 04:42 PM
@Jachk
We have created a brand new database for PROD instead of migrating DEV to PROD to get proper clean certs etc.
So please contact JAMF regarding this.
Thanks