Sign Quick Add Package

sam_clark
New Contributor III

Does anyone know the proper certificate format to sign a quick add package? I'm using a .pfx and it doesn't seem to be correct... is .cer correct?

2 ACCEPTED SOLUTIONS

justinrummel
Contributor III

I believe it also requires the Agent to create the CSR private/public key pair. So if your company already has a OS X Dev account, you must talk to the person who OWNS the account.

Correct me if I'm wrong!

- Justin

View solution in original post

sam_clark
New Contributor III

Solved + Steps for future inquiries:

  1. Generate a Certificate Signing Request through Keychain Access
  2. Upload CSR to OS X Dev Center (follow apples guidelines and steps)
  3. Download Cert
  4. Export cert and private key as .p12
  5. Upload to QuickAdd in JSS User-Initiated Enrollment

Easy peasy.

View solution in original post

8 REPLIES 8

RobertHammen
Valued Contributor II

Can't just sign with any cert from any CA. You need to sign it with a certificate from Apple's Developer portal. Are you a member of the Apple Developer Program for Mac ($99/yr)?

justinrummel
Contributor III

I believe it also requires the Agent to create the CSR private/public key pair. So if your company already has a OS X Dev account, you must talk to the person who OWNS the account.

Correct me if I'm wrong!

- Justin

sam_clark
New Contributor III

Thanks for the replies all, will investigate further and go from there.

Cheers!

sam_clark
New Contributor III

Solved + Steps for future inquiries:

  1. Generate a Certificate Signing Request through Keychain Access
  2. Upload CSR to OS X Dev Center (follow apples guidelines and steps)
  3. Download Cert
  4. Export cert and private key as .p12
  5. Upload to QuickAdd in JSS User-Initiated Enrollment

Easy peasy.

dwight_banks
New Contributor

@sam.clark does it matter what type of cert it is? I have a developer id installer and a mac installer distribution created. Looks like the security message still comes up the first time but if I click the installer again it runs correctly.

Canary
New Contributor

Does an "Agent" in the Apple Dev Portal have to generate the CSR key pair? I've tried it a couple of times as an admin to no avail

jrserapio
Contributor

@Canary This thread is a bit old, but I just went through this. They key pair has to be generated by the Team Agent, which there can only be 1 per developer account/company account.

Josemocha
New Contributor II

Great right up of how to do this with screenshots. https://www.hcsonline.com/images/How_to_Create_a_Signed_QuickAdd_Package.pdf

Christopher Holmes, Jamf Certified Trainer & Integrator