"Never" in the SSL Certificate Verification setting indicates that your Mac clients are ignoring the validity of the SSL certificate – whether that is installed on the Netscaler or the JSS itself – when connecting. That is a security concern, no matter whether you have the cert installed onto the JSS or something else between the client and Tomcat.

Hi @bvrooman,

So you mean there shouldn't be any problem when i change that setting to "Always"?
Sorry for asking dumb questions but: What are the clients verifying? If they want to verify a Cert that isn't available at the JSS how can they do it?
I just want to make sure that i don't get any problems when changing that setting.
I don't have many Mac Clients out there but most of them are VIP's and they are traveling a lot, so if there is something wrong I maybe cannot reach their MacBooks for weeks.

Thank you
BR
Daniel

As the note next to that setting states, set it to "Always except during enrollment" if you're using the built-in cert. The cert is there so the computer can verify that the data is coming from the actual server.

We currently use "Always except during enrollment" even with our third-party cert; however, we can technically use "Always".