Posted on 01-06-2021 06:31 AM
Ive come across different threads that lead me no where. We were provided a .mobileconfig file from crowdstrike that has to be signed before uploading to JamfPRO. Could someone share some insight on how they may have accomplished this? Please. Ive tried the threads here, but have come up with nothing. I have gotten to the point of creating the cert, but how would I sign the .mobileconfig with this data?
Posted on 01-06-2021 07:36 AM
I would note that Jamf Pro signs the configuration profiles it distributes automatically, but I am not familiar with CrowdStrike and will assume this is a case where you're presigning the mobileconfig to keep Jamf Pro from modifying it…
If the code signing identity (certificate with private key) is in your keychain, you should be run the following command to sign a configuration profile:
security cms -Si /path/to/some.mobileconfig -o /path/to/signed_version_of.mobileconfig -N "Signing Certificate Name"
Posted on 01-14-2021 02:12 PM
I just came across this post, as I too am trying to sign the CrowdStrike mobileconfig file. This command works 100%. Thank you @joshuasee !
Posted on 05-11-2021 11:53 AM
The command works for signing the CrowdStrike mobileconfig file.
But what happens when the cert from my keychain that I used to sign the profile expires?
Does it mean it will remove the profiles from everyones machine and I will have to redeploy the CrowdStrike profile?
Thanks!
Posted on 05-11-2021 12:46 PM
@user-RcEUZAZsGO If you code-sign objects with the a cert created from your Jamf instance's CA, Jamf Pro will trust that item for the foreseeable future.