Help

Signing a package

Asifahmed
New Contributor III

Posted on ‎04-07-2023 03:03 AM

I am following the below link to sign a package.

https://learn.jamf.com/bundle/technical-articles/page/Creating_a_Signing_Certificate_Using_Jamf_Pros...

 

My question is if I dont go to keychain and do those steps mentioned in the link and go to Jamf Settings/ PKI Certificate and download my JAMF built-in certificate and installed it on my mac and sign the package with composer when building the package then there should be any issue? Or this two method are having different purpose, if yes then what is that?

0 Kudos
Reply
2 REPLIES 2

AJPinto
Honored Contributor III

Posted on ‎04-07-2023 04:44 AM

The steps involving your keychain are creating the CSR (certificate Signing Request) for JAMF to issue the certificate against. Notice how in step 6 you are pasting the data from the CSR in to the JAMF PKI Certificates pane, after you do this JAMF will product a certificate you can download that you can use. 

 

It does not matter how you get your CSR (certificate Signing Request), but you need one all the same. The Signing Certificate you use to sign your packages does not need to come from JAMF. Using Keychain and JAMF are just convenient, if you were so inclined you could use Open SSL, Java Key tool or pretty much anything that can make SSL certificates. 

0 Kudos
Reply

Asifahmed
New Contributor III
In response to AJPinto

Posted on ‎04-07-2023 06:29 AM

So you want to mean no difference between those two methods? If yes then I will easily download the built-in JAMF cert from Jamf Settings/PKI certificate and sign the package.

0 Kudos
Reply