Help

Signing .mobileconfig profile for Crowdstrike

sbanks
New Contributor

Posted on ‎01-06-2021 06:31 AM

Ive come across different threads that lead me no where. We were provided a .mobileconfig file from crowdstrike that has to be signed before uploading to JamfPRO. Could someone share some insight on how they may have accomplished this? Please. Ive tried the threads here, but have come up with nothing. I have gotten to the point of creating the cert, but how would I sign the .mobileconfig with this data?

Labels:
0 Kudos
4 REPLIES 4

joshuasee
Contributor III

Posted on ‎01-06-2021 07:36 AM

I would note that Jamf Pro signs the configuration profiles it distributes automatically, but I am not familiar with CrowdStrike and will assume this is a case where you're presigning the mobileconfig to keep Jamf Pro from modifying it…

If the code signing identity (certificate with private key) is in your keychain, you should be run the following command to sign a configuration profile:

security cms -Si /path/to/some.mobileconfig -o /path/to/signed_version_of.mobileconfig -N "Signing Certificate Name"

ZakAquistapace
New Contributor

Posted on ‎01-14-2021 02:12 PM

I just came across this post, as I too am trying to sign the CrowdStrike mobileconfig file. This command works 100%. Thank you @joshuasee !

0 Kudos

user-RcEUZAZsGO
New Contributor

Posted on ‎05-11-2021 11:53 AM

The command works for signing the CrowdStrike mobileconfig file.
But what happens when the cert from my keychain that I used to sign the profile expires?
Does it mean it will remove the profiles from everyones machine and I will have to redeploy the CrowdStrike profile?
Thanks!

0 Kudos

jefff
Contributor II

Posted on ‎05-11-2021 12:46 PM

@user-RcEUZAZsGO If you code-sign objects with the a cert created from your Jamf instance's CA, Jamf Pro will trust that item for the foreseeable future.