Jamf Nation Community

jarednichols · ‎11-21-2011

So I'm setting up Reposado and inline with my "https everywhere" mantra I'm planning on delivering updates over https with it (instead of http like normal SUS).

Turns out, the SUS client (in 10.7 anyway) requires a valid cert.

Software Update Tool Copyright 2002-2010 Apple The certificate for this server is invalid. You might be connecting to a server that is pretending to be “<redacted>” which could put your confidential information at risk.

This is not yet a prod box and it's just using a self signed cert as generated by mod_ssl in Apache.

Just found it interesting.

tlarkin · ‎11-21-2011

I am reading the 10.7 manual right now on Software Update and I don't see anything where it requires a CA to authenticate to a valid SUS.

So, yeah that is interesting...Though I got a good 6 months before we even think about rolling out Lion.

Thanks for the info

jarednichols · ‎11-21-2011

I should probably clarify that this is if you're planning on doing it over https. http is still the standard delivery method.

Jamf Nation Community

Software Update - Interesting client-side tidbit