Posted on 12-04-2018 11:10 PM
We have set up ADCS and for machine certificates it works fine.
Our setup is that we have no LDAP setup and Macs are not bound to AD (using Nomad).
We also want users to be able to assign user certificates. But as we have no user assigned to the machine in Jamf and are only using local accounts, the certificate must be pushed out to the logged-in user.
As far as I can read in the configuration profile's certificate payload, it should be possible to use "user level". Can anyone confirm whether this can work, as I cannot find much info on this?
Posted on 12-05-2018 01:11 AM
I am also facing the same question with the same facts 👍
Posted on 12-05-2018 11:21 AM
Does anyone have some input on this?
Posted on 12-06-2018 04:19 AM
Seems like Nomad has some option with certificates. However, it is not what I can use, as it is somehow wrapped into a private key in login items, and not as a real user certificate in the system keychain.
Posted on 12-06-2018 05:03 AM
Have just tried the following setup
But nothing happens on the client, and when checking the log for the configuration policy it is just empty with no information, even though it is scoped to computers?
When checking the server logs, the following is listed (don't know if this has to do with the actual policy):
2018-12-06 13:04:29,572 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob
Posted on 03-06-2020 03:39 AM
Hi @Captainamerica did you get anywhere with this? I am having the same issue...
Posted on 07-27-2020 05:10 PM
Anyone end up finding a solution for this?
Posted on 07-29-2020 08:41 AM
Is the cert not being installed, or is the Configuration Profile not being applied? User-based Configuration Profiles get assigned to an MDM Capable User, which is where things get tricky. JAMF automatically enables domain/mobile accounts as being MDM Capable, but Apple suggests local accounts and using tools like JAMF Connect, Nomad, Enterprise Connect or the Kerberos SSO Extension to sync local and network accounts.