Today I replaced the SSL cert for one of our storage servers. I used the JSS built-in CA to create the cert and installed it in the usual manner.
While everything appears to be fine on pre-Catalina clients, the Catalina clients fail (refuse?) to connect to the server. When enabling debug mode I see the following:
Tue Oct 15 18:44:50 catalina jamf: [DEBUG] Failed to download bom file https://mdm-stor-1.x.y/Packages/ONLYOFFICE-5.1.pkg/index.bom to /Library/Application Support/JAMF/tmp/index.bom: Connection failure: "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “mdm-stor-1.x.y” which could put your confidential information at risk."
Tue Oct 15 18:44:50 catalina jamf: [DEBUG] Downloading flat package https://mdm-stor-1.x.y/Packages/ONLYOFFICE-5.1.pkg...
Tue Oct 15 18:44:50 catalina jamf: [DEBUG] Exception caught (code -1202). HTTP result code: 403
When I use curl from a Catalina client and feed it the proper node certificate, I am able to fetch the package in question.
Any idea why jamf on Catalina might fail to connect to the storage server while curl succeeds?
I did wonder whether the SAN requirement could play a role, but I don't think I had a SAN entry in the previous certs, and they also worked for Catalina clients. But I will certainly check this tomorrow.
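One way to check a certificate against the SAN requirement raised above, as an added example that is not part of the original thread: it parses the text produced by `openssl x509 -noout -text` and, going beyond SAN, also tests the other TLS server certificate requirements Apple published for macOS 10.15 (RSA key of at least 2048 bits, SHA-2 signature, and for certificates issued after July 1, 2019, a validity of at most 825 days and the serverAuth ExtendedKeyUsage). The hostname and the sample dump are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: trimmed `openssl x509 -noout -text` output for a
# hypothetical host; it is not the certificate from the thread.
SAMPLE_TEXT = """\
Certificate:
    Signature Algorithm: sha256WithRSAEncryption
    Validity
        Not Before: Oct 15 12:00:00 2019 GMT
        Not After : Oct 14 12:00:00 2029 GMT
    Subject: CN=mdm-stor-1.example.test
        Public Key Algorithm: rsaEncryption
            RSA Public-Key: (2048 bit)
        X509v3 Extended Key Usage:
            TLS Web Server Authentication
"""

FMT = "%b %d %H:%M:%S %Y GMT"   # date format used in openssl's text dump
CUTOFF = datetime(2019, 7, 1)   # stricter rules apply to certs issued after this

def catalina_findings(text, hostname):
    """Return the macOS 10.15 requirement violations found in a cert text dump."""
    problems = []
    sans = re.findall(r"DNS:([^,\s]+)", text)   # exact names only, no wildcards
    if hostname.lower() not in (s.lower() for s in sans):
        problems.append("no SAN DNS entry for " + hostname)
    bits = re.search(r"Public[- ]Key: \((\d+) bit\)", text)
    if "rsaEncryption" in text and bits and int(bits.group(1)) < 2048:
        problems.append("RSA key smaller than 2048 bits")
    sig = re.search(r"Signature Algorithm: (\S+)", text)
    if sig and re.search(r"sha1|md5", sig.group(1), re.I):
        problems.append("signature hash is not SHA-2: " + sig.group(1))
    nb = re.search(r"Not Before\s*: (.+)", text)
    na = re.search(r"Not After\s*: (.+)", text)
    if nb and na:
        start = datetime.strptime(nb.group(1).strip(), FMT)
        end = datetime.strptime(na.group(1).strip(), FMT)
        days = (end - start).days
        if start > CUTOFF and days > 825:
            problems.append("validity of %d days exceeds 825" % days)
        if start > CUTOFF and "TLS Web Server Authentication" not in text:
            problems.append("ExtendedKeyUsage lacks serverAuth")
    return problems
```

To run it against a real certificate, pass the output of `openssl x509 -in cert.pem -noout -text` as `text` together with the name clients use to reach the server.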