using jamfcloud with an adcs connector, we are able to generate and deploy certificates to a test group.
the issue we are facing is for computer-level certificates the user has a few hoops to go through; 1) they have to specify the certificate deployed to them when trying to connect to the corporate wi-fi 2) since these are deployed the System.keychain file, they are also prompted for credentials. Since users wont be admins this is a concern.
our previous mdm, we had to deploy network certificates via user profiles. with jamf this does not seem to be 100% working.
our profiles consist of:
certificate payload with the issuing and root certificates from the CA
certificate payload with our certificate template for Mac devices
network payload with our corporate wi-fi, using EAP-TLS, WPA2 Enterprise, Allow Trust Exceptions, Select our issuing and root certificates from the certificate payload
deploy to selected mac devices (not smart group or users)
computer level profiles often deploy fine, just with the above caveat. User profiles are hit or miss where they dont always deploy. I tried self service as a test and the last one worked but we'd like to deploy these upon enrollment or at a later stage to prevent issues with enrollment configurations.
but first is to figure out the correct means to deploy network certificate profiles
