Help

PKI Setup Confusion

Go to solution
powellbc
Contributor II

Posted on ‎05-07-2012 08:18 AM

When you specify for the JSS to "Use External Certificate Authority" it prompts you to enter information regarding the SCEP server. I don't know what this is and have never dealt with this before (my only experience with SSL certs is ISS 6/7). If I use the Signing Certificate Assistant do I still need to enter this information?

Our University has a contract with InCommon/Comodo for our certificates. For further background, we are not implementing any mobile device management at this point, we just want a real (not self generated) SSL certificate on the server so there is no error generated when accessing the server.

0 Kudos
Reply
2 ACCEPTED SOLUTIONS

Go to solution
jarednichols
Honored Contributor

Posted on ‎05-07-2012 08:43 AM

I believe you should check this out:
https://jamfnation.jamfsoftware.com/article.html?id=115

View solution in original post

0 Kudos
Reply

Go to solution
jarednichols
Honored Contributor

Posted on ‎05-07-2012 10:50 AM

These instructions were the original way to get your JSS to talk with a signed SSL cert. Now there's some automation/help built into the JSS. However, if you have a cert from another source than your own SCEP server, this is the process you still follow.

View solution in original post

0 Kudos
Reply
5 REPLIES 5

Go to solution
jarednichols
Honored Contributor

Posted on ‎05-07-2012 08:43 AM

I believe you should check this out:
https://jamfnation.jamfsoftware.com/article.html?id=115

0 Kudos
Reply

Go to solution
powellbc
Contributor II

Posted on ‎05-07-2012 10:30 AM

Thanks for posting this. Is this in lieu of doing it via the console or just a manual way to do it?

0 Kudos
Reply

Go to solution
jarednichols
Honored Contributor

Posted on ‎05-07-2012 10:50 AM

These instructions were the original way to get your JSS to talk with a signed SSL cert. Now there's some automation/help built into the JSS. However, if you have a cert from another source than your own SCEP server, this is the process you still follow.

0 Kudos
Reply

Go to solution
powellbc
Contributor II

Posted on ‎05-07-2012 10:53 AM

Thanks for the info. The whole SCEP server thing was new to me, so I thin that is where the confusion arose from. The process also seems very kludgy compared to what I am used to with IIS (which has its own set of issues too).

0 Kudos
Reply

Go to solution
jarednichols
Honored Contributor

Posted on ‎05-07-2012 11:26 AM

Yeah when you're talking something that's not Tomcat (e.g. Apache or IIS) it's a lot more straight forward. You start mucking about with keytool and it can get confusing very quickly if you're not used to dealing with PKI.

0 Kudos
Reply