PKI Setup Confusion

powellbc
Contributor II

When you specify for the JSS to "Use External Certificate Authority" it prompts you to enter information regarding the SCEP server. I don't know what this is and have never dealt with this before (my only experience with SSL certs is ISS 6/7). If I use the Signing Certificate Assistant do I still need to enter this information?

Our University has a contract with InCommon/Comodo for our certificates. For further background, we are not implementing any mobile device management at this point, we just want a real (not self generated) SSL certificate on the server so there is no error generated when accessing the server.

2 ACCEPTED SOLUTIONS

jarednichols
Honored Contributor

jarednichols
Honored Contributor

These instructions were the original way to get your JSS to talk with a signed SSL cert. Now there's some automation/help built into the JSS. However, if you have a cert from another source than your own SCEP server, this is the process you still follow.

View solution in original post

5 REPLIES 5

jarednichols
Honored Contributor

I believe you should check this out:
https://jamfnation.jamfsoftware.com/article.html?id=115

powellbc
Contributor II

Thanks for posting this. Is this in lieu of doing it via the console or just a manual way to do it?

jarednichols
Honored Contributor

These instructions were the original way to get your JSS to talk with a signed SSL cert. Now there's some automation/help built into the JSS. However, if you have a cert from another source than your own SCEP server, this is the process you still follow.

powellbc
Contributor II

Thanks for the info. The whole SCEP server thing was new to me, so I thin that is where the confusion arose from. The process also seems very kludgy compared to what I am used to with IIS (which has its own set of issues too).

jarednichols
Honored Contributor

Yeah when you're talking something that's not Tomcat (e.g. Apache or IIS) it's a lot more straight forward. You start mucking about with keytool and it can get confusing very quickly if you're not used to dealing with PKI.