- Jamf Nation Community
- Products
- Jamf Pro
- Re: Setup Manager and HTTPS Authentication
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Setup Manager and HTTPS Authentication
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago - last edited a week ago
We hare looking at setup manager to replace our Depnotify config as its not supported any more.
We have setup an HTTPS distribution point on an IIS server with anonymous share access added the signed setup manager pkg, uploaded the manifest file to jamf and setup the prestage enrollment package to deploy setup manager.
Setup manager launches and starts configuring and trying to deployment packages
When trying to deploy packages (from another HTTPS distribution point with authentication required) the deployments fail. Is this the case that all packages you want to deploy with setup manager need to be setup on an anonymous share accessible to all? meaning licensed software can be downloaded by anyone that knows the URL (on campus at least) Maybe I am missing something but this seems like a bad idea?
When I do enable anonymous share access and set authentication type to none on the distribution share the packages deploy.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Do you have the CA that issued the certificate used by your IIS deployed to Macs being enrolled in the PreStage? If the CA for that certificate isn't one of the default CAs you wouldn't be able to authenticate the connection.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Thanks, I do have a 3rd party cert in the IIS, with Sectigo RSA CA and USERTrust RSA Certification Authority. The USERTrust is on the included root cert list here:https://support.apple.com/en-us/121672 I assume that should be enough and that I do not need to include it in a profile?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
No, one would expect that to be trusted. So much for that idea.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
With the help of a person in the MacAdmins: Jamf-Setup-manager slack I was able to get this to work. I needed to add a PPPC policy to give setup manager SystemPolicyAllFiles allow so then it can mount the SMB share (instead of using HTTPs) this is for packages that setup manager is set to install. This way I can have setup manager PKG on its own anonymous HTTPS share and use a SMB distribution point that is secure for the other deployment packages
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago - last edited a week ago
Good to hear you found a workaround but I _really_ dislike SMB shares (don't support resumable downloads and the overhead incurred to to mount a file system when all I want is to download a package) and wondering why HTTPS didn't work would drive me crazy.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a week ago
Yes, Really odd that it can mount a protected share but not download a pkg from a URL. None of these packages have a manifest file (other than setup manager pkg) We do not use Jamf cloud so a Manifest file is not auto created with Jamf on prem, maybe that's it?
