Help

User Certificate - configuration profile

Captainamerica
Contributor II

Posted on ‎12-04-2018 11:10 PM

We have set up ADCS and for machine certificates it work fine.
Our setup is that we have No ldap setup and mac´s are not bound to AD (using Nomad)
We also want user to be able to assign user certificates . But as we have no user assigned to the machine in Jamf but only are using local accounts, the certificate must be pushed out to the user logged in

As far I can read in the configuration profile in certificate payload, it should be possible to user "user level". Can anyone confirm if this can work as I cannot find much info on this

7 REPLIES 7

whitebeer
Contributor

Posted on ‎12-05-2018 01:11 AM

I am also facing the same question with the same facts 👍

0 Kudos

jameson
Contributor II

Posted on ‎12-05-2018 11:21 AM

anyone has some input on this ?

0 Kudos

jameson
Contributor II

Posted on ‎12-06-2018 04:19 AM

Seems like nomad have some option with certificates. However, it is not what i can use as it is somehow wrapped into a private key in login items, and not as real user certificate in system keychain

0 Kudos

Captainamerica
Contributor II

Posted on ‎12-06-2018 05:03 AM

Have just tried the following setup412fa32c59ad4b9fa4d2de3a4e534828
b0b7b312c44e4ec3b99a1b216eb717ce

But nothing happens on the client and if checking the log for the configuration policy it is just empty with no information, even it is scoped to computers ?

If checking the server logs the following is listed(don´t know if this has to do with the actual policy)
2018-12-06 13:04:29,572 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob

0 Kudos

bassic
New Contributor III

Posted on ‎03-06-2020 03:39 AM

Hi @Captainamerica did you get anywhere with this? I am having the same issue...

0 Kudos

mlambert
New Contributor III

Posted on ‎07-27-2020 05:10 PM

Anyone end up finding a solution for this?

0 Kudos

daniel_behan
Contributor III

Posted on ‎07-29-2020 08:41 AM

Is the cert not being installed, or is the Configuration Profile not being applied? User-based Configuration Profiles get assigned to an MDM Capable User, which is where things get tricky. JAMF automatically enables domain/mobile accounts as being MDM Capable, but Apple suggests local accounts and using tools like JAMF Connect, Nomad, Enterprise Connect or the Kerberos SSO Extension to sync local and network accounts.

0 Kudos