Help

SCEP configuration profile variable.... are there any?

Go to solution
Cem
Valued Contributor

Posted on ‎07-20-2012 06:31 AM

I start the getting the SCEP configuration profile to work within our
environment now. But I think it requires variable to generate the
certificate the way we want it.

It seems to be a lack of info regards variables to automate this.
For example:
If I put the below in Subject
CN=%AD_ComputerID%.mydomain.com

I get computername$.mydomain.com (in my case Mac called air, so I get
air$.mydomain.com) in the certs Common Name section.

Also if I put the below in Subject Alternative Name Value
host/%AD_ComputerID%.mydomain.com

I get host/computername$.mydomain.com (in my case Mac called air, so I get
host/air$.mydomain.com) in the DNS name section of the cert

But I would like to get the name without $ sign at the end. Is there a variable for SCEP configurationprofile payload to
achieve this? I hope I have explained it correctly.

I know jSS uses variables with exchange config profile like $USERNAME and
$EMAIL (screen grab). So I am hoping that maybe there is a variable to get
the Mac hostname? I have no idea why %AD_ComputerID% works as variable
either....

0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
Cem
Valued Contributor

Posted on ‎07-22-2012 09:13 PM

Ok! I think I will need to update my JSS from 8.43 to 8.52.
Jamf Support response....

We have the variable $COMPUTERNAME for use in Configuration Profiles, which will grab the computer name.  If you're interested in checking out the other variables that we can use in configuration profiles, there is a table on page 314 of the Casper Admin's guide:

http://www.jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.5_Documentation.pdf

View solution in original post

0 Kudos

Go to solution
Cem
Valued Contributor

Posted on ‎06-04-2013 02:48 AM

Casper Suite 8.6 Administrator's Guide.pdf Page 450

Variables for iOS Configuration Profiles There are several variables that you can use to dynamically customize the payloads in an iOS configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the devices to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. Variable Mobile Device Information $UDID UDID $SERIALNUMBER Serial number $USERNAME Username $REALNAME Real name $EMAIL Email address $PHONE Phone $ROOM Room $POSITION Position

Also see Casper Suite 8.6 Administrator's Guide.pdf Page 327

Variables for Mac OS X Configuration Profiles There are several variables that you can use to dynamically customize the payloads in a Mac OS X configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the computers to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. ?? Variable Computer Information $COMPUTERNAME Computer name $UDID UDID $SERIALNUMBER Serial number $USERNAME For a computer-level configuration profile, the username stored in the computer’s location information in the JSS For a user-level configuration profile, the username for the user logging in $REALNAME Real name $EMAIL Email address $PHONE Phone $POSITION Position $ROOM

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
Cem
Valued Contributor

Posted on ‎07-22-2012 09:13 PM

Ok! I think I will need to update my JSS from 8.43 to 8.52.
Jamf Support response....

We have the variable $COMPUTERNAME for use in Configuration Profiles, which will grab the computer name.  If you're interested in checking out the other variables that we can use in configuration profiles, there is a table on page 314 of the Casper Admin's guide:

http://www.jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.5_Documentation.pdf

0 Kudos

Go to solution
wangl2
Contributor

Posted on ‎06-03-2013 08:11 PM

Hi Cem,
Would you know what Subject name I can use for iOS? I tried both $COMPUTERNAME and $SERIALNUMBER in the SCEP setting in IPCU. The the iPad receive the certificate, it did not reflect it's name or serial number. I have received the certificate which looks like
$COMPUTERNAME.mycompany.com
or
$SERIALNUMBER.mycompany.com
The variables didn't work for me.
Any idea?
Thanks.

0 Kudos

Go to solution
Cem
Valued Contributor

Posted on ‎06-04-2013 02:48 AM

Casper Suite 8.6 Administrator's Guide.pdf Page 450

Variables for iOS Configuration Profiles There are several variables that you can use to dynamically customize the payloads in an iOS configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the devices to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. Variable Mobile Device Information $UDID UDID $SERIALNUMBER Serial number $USERNAME Username $REALNAME Real name $EMAIL Email address $PHONE Phone $ROOM Room $POSITION Position

Also see Casper Suite 8.6 Administrator's Guide.pdf Page 327

Variables for Mac OS X Configuration Profiles There are several variables that you can use to dynamically customize the payloads in a Mac OS X configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the computers to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. ?? Variable Computer Information $COMPUTERNAME Computer name $UDID UDID $SERIALNUMBER Serial number $USERNAME For a computer-level configuration profile, the username stored in the computer’s location information in the JSS For a user-level configuration profile, the username for the user logging in $REALNAME Real name $EMAIL Email address $PHONE Phone $POSITION Position $ROOM
0 Kudos

Go to solution
wangl2
Contributor

Posted on ‎06-27-2013 04:15 PM

Hi Cem,
I have actually tried these varibles for iOS from the Adminstrator Guide. They don't actually work. Have you got it working?
Thanks.

0 Kudos

Go to solution
Cem
Valued Contributor

Posted on ‎06-27-2013 08:38 PM

$COMPUTERNAME works for our Macs. I don't think this will work for iOS as it is only listed for MacOs.

What version of JSS are you using?
We don't use Casper for MDM. But $SERIALNUMBER should work for iOS.
Post an example of your Config profile. Lets have a look. Otherwise let your Jamf account manager know that the Admin Guide info is not working for you.

0 Kudos

Go to solution
Cem
Valued Contributor

Posted on ‎06-28-2013 04:43 AM

Here is my SCEP configuration profile for Macs ( I hope this helps! ):

URL
The base URL for the SCEP server http://myscepserver.mydomain.com/certsrv/mscep/mscep.dll/

Subject
Representation of a X.500 name CN=$COMPUTERNAME.mydomain.com

Subject Alternative Name Type
The type of a subject alternative name DNS Name (selected)

Subject Alternative Name Value
The value of a subject alternative name host/$COMPUTERNAME.mydomain.com

Challenge Type
Dynamic-Microsoft CA (selected)

URL to SCEP Admin
The URL of the page to use to retrieve the SCEP challenge
http://myscepserver.mydomain.com/certsrv/mscep_admin/

Go to solution
slashnext
New Contributor II

Posted on ‎06-15-2020 05:50 AM

@Cem i am trying to add $EMAIL but it does not work. it only shows the same $EMAIL placeholder rether than the actual value.

0 Kudos

Go to solution
Cem
Valued Contributor

Posted on ‎06-15-2020 08:11 AM

jamf documentation suggests that the variables are still there... Are you using JAMF?

0 Kudos

Go to solution
slashnext
New Contributor II

Posted on ‎06-16-2020 12:05 AM

@Cem yeah i am using jamf Pro.

0 Kudos

Go to solution
Cem
Valued Contributor

Posted on ‎06-16-2020 12:09 AM

Perhaps reach out to Jamf support?

0 Kudos

Go to solution
slashnext
New Contributor II

Posted on ‎06-16-2020 12:15 AM

@Cem i will a create a ticket to jamf support. but i was just thinking if anyone else face the same issue.

0 Kudos