Newbie help: Requesting individual user certs via JSS?

Anonymous
Not applicable

Here is my current dilemma:

We have about 70 Macs in Production right now. Our network team requires a user certificate installed in each user's Keychain in order for them to access VPN (Junos Pulse). Until recently, with what I assume was either a Safari or OS update, our Macs were able to access the internal site we use to generate user certs, Microsoft AD Certificate Services. Now, the site will not load properly when accessed from a Mac, which I am told is due to ASP not playing nice with any non-IE browser (including Firefox and Chrome).

Not a huge deal, as we have VMs on our machines that can access the site too from IE, so I could request the user cert from each user's machine by having them log in to request the cert, then exporting the cert and private key from IE in their VM to their Mac desktop, then importing it into the user keychain.

However, now our Infrastructure teams have made all private keys non-exportable, in effect crippling my method of generating user certs for our Mac users, at least how I know how to do this.

My bigger problem is that I'm really the only Mac guy at the office - and I don't know Microsoft AD certificate services that well. Our infrastructure team is reluctant to make exportable private keys, which is understandable, but traps me between a rock and a hard place with getting our Mac users the certificates they need.

Does anyone know if there is a way to request an individual user cert via Casper, by pointing it at the URL for the site we use, then having a user authenticate in Self Service or something and install the cert at user-level? It appears there is via SCEP in the configuration profiles section, but I can't be certain.

Any advice you can provide would be greatly appreciated, and I'll do my best to answer questions.

Thanks!


RobertHammen
Valued Contributor II

Do you know if you're on Server 2008R or Server 2012 for your CA?

There's a way to get machine and/or user certs automagically from those servers via config profile (so 10.7 and later):

http://support.apple.com/kb/HT5357
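As an added illustration of the config-profile route the reply points to (not code from this thread, from Jamf or from Apple), the Python below builds a user-scoped profile carrying a com.apple.ADCertificate payload and then checks the two constraints the question raises: the cert must land in the user's keychain, and the private key must stay non-exportable. The CA host, CA name and template name passed in are constructed placeholders.

```python
import plistlib
import uuid


def ad_cert_payload(cert_server, ca_name, template, key_extractable=False):
    """One com.apple.ADCertificate payload; the Mac enrolls with the user's AD credentials."""
    return {
        "PayloadType": "com.apple.ADCertificate",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.adcert.{uuid.uuid4()}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "AD User Certificate",
        "CertServer": cert_server,              # CA host (placeholder, e.g. ca.example.internal)
        "CertificateAuthority": ca_name,        # CA common name as shown in certsrv
        "CertTemplate": template,               # certificate template display name
        "CertificateAcquisitionMechanism": "RPC",  # "HTTP" for Web Enrollment
        "Keysize": 2048,
        "PromptForCredentials": True,           # user profile: ask for the AD password
        "KeyIsExtractable": key_extractable,    # False mirrors the non-exportable key policy
        "AllowAllAppsAccess": False,            # keychain prompts before other apps use the key
    }


def build_profile(cert_server, ca_name, template, key_extractable=False):
    """Return .mobileconfig bytes: a user-scoped profile with one AD cert payload."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "User",  # installs into the user's login keychain, not System
        "PayloadIdentifier": "com.example.profile.adcert",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "VPN User Certificate",
        "PayloadContent": [ad_cert_payload(cert_server, ca_name, template, key_extractable)],
    })


def check_profile(data):
    """List violations of the thread's constraints; an empty list means the profile passes."""
    profile = plistlib.loads(data)
    problems = []
    if profile.get("PayloadScope") != "User":
        problems.append("PayloadScope must be User for a per-user certificate")
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.ADCertificate":
            continue
        if p.get("KeyIsExtractable", True):
            problems.append("KeyIsExtractable must be false, or the private key is exportable")
        if p.get("CertificateAcquisitionMechanism") not in ("RPC", "HTTP"):
            problems.append("CertificateAcquisitionMechanism must be RPC or HTTP")
    return problems
```

Write the bytes from build_profile to a .mobileconfig file and upload it to the JSS as a user-level profile; the Mac must be bound to AD for the enrollment to work.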