Help

Verification of SSL certificates is disabled Jamf 9.100

dpratl
Contributor II

Posted on ‎08-24-2017 12:50 AM

Hi JAMFnation,

I updated our JSS to Version 9.100 two days ago. Now I get this warning:
8644c90b00af4a45a8d4609d373ee9d1

Yes I have turned of the SSL Certificate verification in the settings:
4d82610692fb4db686bb55985d26bf17

We are using https for JSS over our netscaler, so JSS is not using a Certificate for SSL directly.

Do you have a clue how to get rid of this message?

Thank you
BR
Daniel

0 Kudos
3 REPLIES 3

bvrooman
Valued Contributor

Posted on ‎09-05-2017 07:21 AM

"Never" in the SSL Certificate Verification setting indicates that your Mac clients are ignoring the validity of the SSL certificate – whether that is installed on the Netscaler or the JSS itself – when connecting. That is a security concern, no matter whether you have the cert installed onto the JSS or something else between the client and Tomcat.

0 Kudos

dpratl
Contributor II

Posted on ‎09-12-2017 11:47 PM

Hi @bvrooman,

So you mean there shouldn't be any problem when i change that setting to "Always"?
Sorry for asking dumb questions but: What are the clients verifying? If they want to verify a Cert that isn't available at the JSS how can they do it?
I just want to make sure that i don't get any problems when changing that setting.
I don't have many Mac Clients out there but most of them are VIP's and they are traveling a lot, so if there is something wrong I maybe cannot reach their MacBooks for weeks.

Thank you
BR
Daniel

0 Kudos

jmahlman
Valued Contributor

Posted on ‎09-13-2017 06:22 AM

As the note next to that setting states, set it to "Always except during enrollment" if you're using the built-in cert. The cert is there so the computer can verify that the data is coming from the actual server.

We currently use "Always except during enrollment" even with our third-party cert; however, we can technically use "Always".

0 Kudos