Skip to main content
Solved

SCEP configuration profile variable.... are there any?


Forum|alt.badge.img+17
  • Contributor
  • 352 replies

I start the getting the SCEP configuration profile to work within our
environment now. But I think it requires variable to generate the
certificate the way we want it.

It seems to be a lack of info regards variables to automate this.
For example:
If I put the below in Subject
CN=%AD_ComputerID%.mydomain.com

I get computername$.mydomain.com (in my case Mac called air, so I get
air$.mydomain.com) in the certs Common Name section.

Also if I put the below in Subject Alternative Name Value
host/%AD_ComputerID%.mydomain.com

I get host/computername$.mydomain.com (in my case Mac called air, so I get
host/air$.mydomain.com) in the DNS name section of the cert

But I would like to get the name without $ sign at the end. Is there a variable for SCEP configurationprofile payload to
achieve this? I hope I have explained it correctly.

I know jSS uses variables with exchange config profile like $USERNAME and
$EMAIL (screen grab). So I am hoping that maybe there is a variable to get
the Mac hostname? I have no idea why %AD_ComputerID% works as variable
either....

Best answer by Cem

Ok! I think I will need to update my JSS from 8.43 to 8.52.
Jamf Support response....

We have the variable $COMPUTERNAME for use in Configuration Profiles, which will grab the computer name.  If you're interested in checking out the other variables that we can use in configuration profiles, there is a table on page 314 of the Casper Admin's guide:

http://www.jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.5_Documentation.pdf

View original
Did this topic help you find an answer to your question?

11 replies

Forum|alt.badge.img+17
  • Author
  • Contributor
  • 352 replies
  • Answer
  • July 23, 2012

Ok! I think I will need to update my JSS from 8.43 to 8.52.
Jamf Support response....

We have the variable $COMPUTERNAME for use in Configuration Profiles, which will grab the computer name.  If you're interested in checking out the other variables that we can use in configuration profiles, there is a table on page 314 of the Casper Admin's guide:

http://www.jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.5_Documentation.pdf


Forum|alt.badge.img+8
  • Contributor
  • 67 replies
  • June 4, 2013

Hi Cem,
Would you know what Subject name I can use for iOS? I tried both $COMPUTERNAME and $SERIALNUMBER in the SCEP setting in IPCU. The the iPad receive the certificate, it did not reflect it's name or serial number. I have received the certificate which looks like
$COMPUTERNAME.mycompany.com
or
$SERIALNUMBER.mycompany.com
The variables didn't work for me.
Any idea?
Thanks.


Forum|alt.badge.img+17
  • Author
  • Contributor
  • 352 replies
  • June 4, 2013

Casper Suite 8.6 Administrator's Guide.pdf Page 450

Variables for iOS Configuration Profiles There are several variables that you can use to dynamically customize the payloads in an iOS configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the devices to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. Variable Mobile Device Information $UDID UDID $SERIALNUMBER Serial number $USERNAME Username $REALNAME Real name $EMAIL Email address $PHONE Phone $ROOM Room $POSITION Position

Also see Casper Suite 8.6 Administrator's Guide.pdf Page 327

Variables for Mac OS X Configuration Profiles There are several variables that you can use to dynamically customize the payloads in a Mac OS X configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the computers to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. ?? Variable Computer Information $COMPUTERNAME Computer name $UDID UDID $SERIALNUMBER Serial number $USERNAME For a computer-level configuration profile, the username stored in the computer’s location information in the JSS For a user-level configuration profile, the username for the user logging in $REALNAME Real name $EMAIL Email address $PHONE Phone $POSITION Position $ROOM

Forum|alt.badge.img+8
  • Contributor
  • 67 replies
  • June 27, 2013

Hi Cem,
I have actually tried these varibles for iOS from the Adminstrator Guide. They don't actually work. Have you got it working?
Thanks.


Forum|alt.badge.img+17
  • Author
  • Contributor
  • 352 replies
  • June 28, 2013

$COMPUTERNAME works for our Macs. I don't think this will work for iOS as it is only listed for MacOs.

What version of JSS are you using?
We don't use Casper for MDM. But $SERIALNUMBER should work for iOS.
Post an example of your Config profile. Lets have a look. Otherwise let your Jamf account manager know that the Admin Guide info is not working for you.


Forum|alt.badge.img+17
  • Author
  • Contributor
  • 352 replies
  • June 28, 2013

Here is my SCEP configuration profile for Macs ( I hope this helps! ):

URL
The base URL for the SCEP server http://myscepserver.mydomain.com/certsrv/mscep/mscep.dll/

Subject
Representation of a X.500 name CN=$COMPUTERNAME.mydomain.com

Subject Alternative Name Type
The type of a subject alternative name DNS Name (selected)

Subject Alternative Name Value
The value of a subject alternative name host/$COMPUTERNAME.mydomain.com

Challenge Type
Dynamic-Microsoft CA (selected)

URL to SCEP Admin
The URL of the page to use to retrieve the SCEP challenge
http://myscepserver.mydomain.com/certsrv/mscep_admin/


Forum|alt.badge.img+4
  • Contributor
  • 14 replies
  • June 15, 2020

@Cem i am trying to add $EMAIL but it does not work. it only shows the same $EMAIL placeholder rether than the actual value.


Forum|alt.badge.img+17
  • Author
  • Contributor
  • 352 replies
  • June 15, 2020

jamf documentation suggests that the variables are still there... Are you using JAMF?


Forum|alt.badge.img+4
  • Contributor
  • 14 replies
  • June 16, 2020

@Cem yeah i am using jamf Pro.


Forum|alt.badge.img+17
  • Author
  • Contributor
  • 352 replies
  • June 16, 2020

Perhaps reach out to Jamf support?


Forum|alt.badge.img+4
  • Contributor
  • 14 replies
  • June 16, 2020

@Cem i will a create a ticket to jamf support. but i was just thinking if anyone else face the same issue.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings