Signing .mobileconfig profile for Crowdstrike

New Contributor

Ive come across different threads that lead me no where. We were provided a .mobileconfig file from crowdstrike that has to be signed before uploading to JamfPRO. Could someone share some insight on how they may have accomplished this? Please. Ive tried the threads here, but have come up with nothing. I have gotten to the point of creating the cert, but how would I sign the .mobileconfig with this data?


Contributor III

I would note that Jamf Pro signs the configuration profiles it distributes automatically, but I am not familiar with CrowdStrike and will assume this is a case where you're presigning the mobileconfig to keep Jamf Pro from modifying it…

If the code signing identity (certificate with private key) is in your keychain, you should be run the following command to sign a configuration profile:

security cms -Si /path/to/some.mobileconfig -o /path/to/signed_version_of.mobileconfig -N "Signing Certificate Name"

New Contributor

I just came across this post, as I too am trying to sign the CrowdStrike mobileconfig file. This command works 100%. Thank you @joshuasee !

New Contributor

The command works for signing the CrowdStrike mobileconfig file.
But what happens when the cert from my keychain that I used to sign the profile expires?
Does it mean it will remove the profiles from everyones machine and I will have to redeploy the CrowdStrike profile?

Contributor II

@user-RcEUZAZsGO If you code-sign objects with the a cert created from your Jamf instance's CA, Jamf Pro will trust that item for the foreseeable future.