Self enrollment CA Certificate question

New Contributor II

Hey I have a question regarding the CA Certificate while self enrollment.

During the process of self enrolment the user will download 2 mobileconfigs (ca certificate and mdm profile) I just saw that some users seems to only have installed the mdm profile and were missing to install the 1st ca certificate profile.

2 questions

- What happens to the users that are missing the Ca certificate profile?

- Can I push this profile to the missing ones somehow?




New Contributor II

User-initiated enrollment the end-user sometimes forgets to click 'continue twice. There is two prompts: Install CA Certificate (click 'continue) followed by Install MDM Profile (click 'continue). 

You can't push a CA Certificate to the device from Jamf as it's not managed (supervised) but you can send the CA Cert to the end-user as an attachment and they can download it. Or have them go back to your enrollment link and advise them to watch for two prompts to ensure the CA cert gets installed. 

I know that the user has to download both of them and install both of them. But it seems some users don't know :)

how can I send the CA Cert to the end user? isn't the ca cert a user certificate? so the user will have to download it as their username!?

The CA Cert file can be sent and downloaded by anyone via email. Just make sure your end-user is installing it on the target device. Once they double-click the CA Cert it will prompt them to install it into settings. 

It's not a user cert as it's end-user enrollment. It becomes a user cert once it's installed on a device.