SCEP configuration profile variable.... are there any?

Cem
Valued Contributor

I start the getting the SCEP configuration profile to work within our
environment now. But I think it requires variable to generate the
certificate the way we want it.

It seems to be a lack of info regards variables to automate this.
For example:
If I put the below in Subject
CN=%AD_ComputerID%.mydomain.com

I get computername$.mydomain.com (in my case Mac called air, so I get
air$.mydomain.com) in the certs Common Name section.

Also if I put the below in Subject Alternative Name Value
host/%AD_ComputerID%.mydomain.com

I get host/computername$.mydomain.com (in my case Mac called air, so I get
host/air$.mydomain.com) in the DNS name section of the cert

But I would like to get the name without $ sign at the end. Is there a variable for SCEP configurationprofile payload to
achieve this? I hope I have explained it correctly.

I know jSS uses variables with exchange config profile like $USERNAME and
$EMAIL (screen grab). So I am hoping that maybe there is a variable to get
the Mac hostname? I have no idea why %AD_ComputerID% works as variable
either....

2 ACCEPTED SOLUTIONS

Cem
Valued Contributor

Ok! I think I will need to update my JSS from 8.43 to 8.52.
Jamf Support response....

We have the variable $COMPUTERNAME for use in Configuration Profiles, which will grab the computer name.  If you're interested in checking out the other variables that we can use in configuration profiles, there is a table on page 314 of the Casper Admin's guide:

http://www.jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.5_Documentation.pdf

View solution in original post

Cem
Valued Contributor

Casper Suite 8.6 Administrator's Guide.pdf Page 450

Variables for iOS Configuration Profiles There are several variables that you can use to dynamically customize the payloads in an iOS configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the devices to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. Variable Mobile Device Information $UDID UDID $SERIALNUMBER Serial number $USERNAME Username $REALNAME Real name $EMAIL Email address $PHONE Phone $ROOM Room $POSITION Position

Also see Casper Suite 8.6 Administrator's Guide.pdf Page 327

Variables for Mac OS X Configuration Profiles There are several variables that you can use to dynamically customize the payloads in a Mac OS X configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the computers to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. ?? Variable Computer Information $COMPUTERNAME Computer name $UDID UDID $SERIALNUMBER Serial number $USERNAME For a computer-level configuration profile, the username stored in the computer’s location information in the JSS For a user-level configuration profile, the username for the user logging in $REALNAME Real name $EMAIL Email address $PHONE Phone $POSITION Position $ROOM

View solution in original post

11 REPLIES 11

Cem
Valued Contributor

Ok! I think I will need to update my JSS from 8.43 to 8.52.
Jamf Support response....

We have the variable $COMPUTERNAME for use in Configuration Profiles, which will grab the computer name.  If you're interested in checking out the other variables that we can use in configuration profiles, there is a table on page 314 of the Casper Admin's guide:

http://www.jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.5_Documentation.pdf

wangl2
Contributor

Hi Cem,
Would you know what Subject name I can use for iOS? I tried both $COMPUTERNAME and $SERIALNUMBER in the SCEP setting in IPCU. The the iPad receive the certificate, it did not reflect it's name or serial number. I have received the certificate which looks like
$COMPUTERNAME.mycompany.com
or
$SERIALNUMBER.mycompany.com
The variables didn't work for me.
Any idea?
Thanks.

Cem
Valued Contributor

Casper Suite 8.6 Administrator's Guide.pdf Page 450

Variables for iOS Configuration Profiles There are several variables that you can use to dynamically customize the payloads in an iOS configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the devices to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. Variable Mobile Device Information $UDID UDID $SERIALNUMBER Serial number $USERNAME Username $REALNAME Real name $EMAIL Email address $PHONE Phone $ROOM Room $POSITION Position

Also see Casper Suite 8.6 Administrator's Guide.pdf Page 327

Variables for Mac OS X Configuration Profiles There are several variables that you can use to dynamically customize the payloads in a Mac OS X configuration profile. Enter a variable into any text field in a payload to dynamically populate information about the computers to which you are distributing the profile. When the profile is installed, the variable is translated to the actual value stored in the JSS. ?? Variable Computer Information $COMPUTERNAME Computer name $UDID UDID $SERIALNUMBER Serial number $USERNAME For a computer-level configuration profile, the username stored in the computer’s location information in the JSS For a user-level configuration profile, the username for the user logging in $REALNAME Real name $EMAIL Email address $PHONE Phone $POSITION Position $ROOM

wangl2
Contributor

Hi Cem,
I have actually tried these varibles for iOS from the Adminstrator Guide. They don't actually work. Have you got it working?
Thanks.

Cem
Valued Contributor

$COMPUTERNAME works for our Macs. I don't think this will work for iOS as it is only listed for MacOs.

What version of JSS are you using?
We don't use Casper for MDM. But $SERIALNUMBER should work for iOS.
Post an example of your Config profile. Lets have a look. Otherwise let your Jamf account manager know that the Admin Guide info is not working for you.

Cem
Valued Contributor

Here is my SCEP configuration profile for Macs ( I hope this helps! ):

URL
The base URL for the SCEP server http://myscepserver.mydomain.com/certsrv/mscep/mscep.dll/

Subject
Representation of a X.500 name CN=$COMPUTERNAME.mydomain.com

Subject Alternative Name Type
The type of a subject alternative name DNS Name (selected)

Subject Alternative Name Value
The value of a subject alternative name host/$COMPUTERNAME.mydomain.com

Challenge Type
Dynamic-Microsoft CA (selected)

URL to SCEP Admin
The URL of the page to use to retrieve the SCEP challenge
http://myscepserver.mydomain.com/certsrv/mscep_admin/

slashnext
New Contributor II

@Cem i am trying to add $EMAIL but it does not work. it only shows the same $EMAIL placeholder rether than the actual value.

Cem
Valued Contributor

jamf documentation suggests that the variables are still there... Are you using JAMF?

slashnext
New Contributor II

@Cem yeah i am using jamf Pro.

Cem
Valued Contributor

Perhaps reach out to Jamf support?

slashnext
New Contributor II

@Cem i will a create a ticket to jamf support. but i was just thinking if anyone else face the same issue.