Switching to Certificate-Based Communication

k12techman
New Contributor

All:

JAMF support says I'll be fine to do this and I don't necessarily doubt
them, but I also wanted to hear from anyone out there that's done this in a
production environment.

To push policy to my 10.7 clients, I need to enable certificate-based
communication as well as enable push notification for Mac OS v10.7 clients. Thing is, I have a currently operating environment that's been upgraded a
few times and now sits at 8.31. My fear is that I'll enable this and lose
communication with all of my current devices. JAMF support tells me that
this won't be a problem. Only caveat is that at this time, you can't turn
that off without having problems, but it will be fixed in a later release.

Again, it's not that I doubt what JAMF support is telling me, but I'd sure
like to hear from someone that's done this "live" and hear what resulted.

TIA,

Drew

-- Drew Lane
Director of Technology
Derby Public Schools
iMessage and Facetime: dlane at usd260.com
Office: 316.788.8591
Find Me: 316.285.0017

2 REPLIES 2

Walter
New Contributor II

If you have the JSS generate the cert and use that cert, do you need to wait a while between setting that step and enabling the requirement for a valid certificate? Do you need to populate anything on the clients to trust this CA? Does the JSS do that for you?
--
Walter Rowe, System Hosting
Enterprise Systems / OISM
walter.rowe at nist.gov<mailto:walter.rowe at nist.gov>
301-975-2885

Not applicable

Funny enough, it seems we have actually hit a bug with this.

We have a proper cert, with trust chain installed (since we have an intermediate CA).

I never managed to get the client imaged and then trust the JSS, it said the JSS was there, but couldn't connect.

Turns out, when you have autorun info on the computer, the cert doesn't get installed on the client at image time. Removing autorun data and setting the parameters manually in casper imaging works, but not autorun.

According to JAMF, this bug will be sorted shortly.

//Patrik Sonestad
sysadm
Lund university

8 dec 2011 kl. 19:46 skrev Rowe, Walter: