Posted on 07-14-2020 07:07 PM
I've inherited a JSS from someone else and see steps detailed in link below to set up a JSS - GSX connection but in our case we will be renewing it — 1) are those same steps needed for that?
Also 2) can the same GSX certificate once renewed be added to two JSSes?
https://www.jamf.com/jamf-nation/articles/26/integrating-with-apple-s-global-service-exchange-gsx
Thanks for pointing me in the right direction...
Posted on 02-17-2022 10:54 AM
(I know I'm responding to an old post, hopefully this will help someone at some point.)
1) Kinda. I generate the CSR manually with (this is a copy of my internal documentation):
openssl genrsa -aes256 -out privatekey.pem 2048
openssl req -new -sha256 -key privatekey.pem -out certreq.csr
After receiving the certs back from Apple, you can then follow the guide you linked, specifically the step "Converting the Apple Certificate (.pem) to .p12 Format."
2) Yes, you can use the same GSX Cert in multiple Jamf Pro instances, HOWEVER, each instance will need its own, unique GSX user account (and Partner API Token).
Posted on 10-18-2022 12:21 AM
Hi @MLBZ521 is the "Sold-to account number" the same as "Customer Account Number" Not seeing anything in MyAccess for
GSX Sold-to account number: #######
GSX Ship-to account number: #######
Posted on 10-18-2022 10:46 AM
Hey @dlondon, yes the `GSX Sold-to account number` is the same as `Customer Account Number` in MyAccess.
10-18-2022 11:49 PM - edited 10-18-2022 11:50 PM
Thanks @MLBZ521
I just shot off my request but the automated response also mentioned the need to provide
Raw JSON request and response and full request and response headers
Raw XML request and response
Is that something you have seen seen? I'm hoping it can be ignored
Posted on 10-19-2022 10:57 AM
@dlondon I think it can be if you are connecting this to Jamf Pro or at least specify that that is what you're doing. This is the same method that would be used for AASPs when integrating GSX APIs into a proprietary POS system.
Posted on 11-28-2022 11:40 PM
Thanks @MLBZ521 got it working finally. I was forgetting to change the pem received back from apple to p12 and the Jamf interface seemed to imply I could use a pem so kept failing. Backtracked through the documentation mentioned above and realised my mistake.
Posted on 11-29-2022 07:59 AM
Yeah......never trust Jamf.....
Posted on 11-29-2022 08:02 AM
Glad the information was helpful to someone though!
3 weeks ago
One thing that might not be so obvious is that whilst you can see the content of the pem cert received back from Apple in finder, when you convert it to p12 you cannot. However if you import it to keychain it will prompt for the Export Password used when you converted to p12 and then you can see the full cert in keychain.
There's probably a way on the command line to do the same thing