It's normal! The JSS uses its own internal PKI for Mac clients, to enable certificate authentication. The "JSS Built-In Signing Certificate" is just the JSS' public key certificate, which lets clients can verify communications with the JSS (if enabled), and encrypt their communications when talking to the JSS.
For Mac clients, you have to use the internal PKI on the JSS - there's no other option. For Mobile Clients, the JSS can act as an SCEP proxy. Check the Admin Guide for details on that, if you want to set it up.
