Skip to main content
Question

User Certificate - configuration profile

  • December 5, 2018
  • 7 replies
  • 25 views
C
Forum|alt.badge.img+8

We have set up ADCS and for machine certificates it work fine.
Our setup is that we have No ldap setup and mac´s are not bound to AD (using Nomad)
We also want user to be able to assign user certificates . But as we have no user assigned to the machine in Jamf but only are using local accounts, the certificate must be pushed out to the user logged in

As far I can read in the configuration profile in certificate payload, it should be possible to user "user level". Can anyone confirm if this can work as I cannot find much info on this

      7 replies

      whitebeer
      Forum|alt.badge.img+7
      • whitebeer
      • Contributor
      • December 5, 2018

      I am also facing the same question with the same facts 👍

      J
      Forum|alt.badge.img+10
      • jameson
      • Contributor
      • December 5, 2018

      anyone has some input on this ?

      J
      Forum|alt.badge.img+10
      • jameson
      • Contributor
      • December 6, 2018

      Seems like nomad have some option with certificates. However, it is not what i can use as it is somehow wrapped into a private key in login items, and not as real user certificate in system keychain

      C
      Forum|alt.badge.img+8
      • Captainamerica
      • Author
      • Contributor
      • December 6, 2018

      Have just tried the following setup

      But nothing happens on the client and if checking the log for the configuration policy it is just empty with no information, even it is scoped to computers ?

      If checking the server logs the following is listed(don´t know if this has to do with the actual policy)
      2018-12-06 13:04:29,572 [WARN ] [na-exec-132] [Credentials ] - We don't want to return an X509 Cert from a PKCS12 data blob

      B
      Forum|alt.badge.img+7
      • bassic
      • Contributor
      • March 6, 2020

      Hi @Captainamerica did you get anywhere with this? I am having the same issue...

      M
      Forum|alt.badge.img+9
      • mlambert
      • Contributor
      • July 28, 2020

      Anyone end up finding a solution for this?

      D
      Forum|alt.badge.img+11
      • daniel_behan
      • Valued Contributor
      • July 29, 2020

      Is the cert not being installed, or is the Configuration Profile not being applied? User-based Configuration Profiles get assigned to an MDM Capable User, which is where things get tricky. JAMF automatically enables domain/mobile accounts as being MDM Capable, but Apple suggests local accounts and using tools like JAMF Connect, Nomad, Enterprise Connect or the Kerberos SSO Extension to sync local and network accounts.

      Terms & ConditionsCookie settingsAccessibility statement