Help

verify certificate installation for wireless via casper

jche
New Contributor

Posted on ‎04-20-2017 10:45 AM

Hey Guys,

JSS 9.96

we are deploying wifi certs manually via our issuingca, so the output of the wifi cert in keychains will be Username@company.com

is there a way to check via extensions or something via JSS how many users have the cert?

there isnt an actual identifiable name (our wifi is called Hermes, but no such name exists in the cert name or details).

ideally we would be able to have an extension or something to find username@yodlee.com as a cert41a45c1d20ad46bcacb73890d7777906

screenshot is me - that is the naming scheme.

Labels:
0 Kudos
Reply
4 REPLIES 4

strider_knh
Contributor II

Posted on ‎04-20-2017 11:07 AM

If this is being placed by a configuration profile you could go by if the profile has ben installed.... wait, that option is only available in iOS.

We have extension attributes that lists configuration profiles and use level certs. That way we can base searches and groups off of this info.

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎04-20-2017 11:12 AM

wait, that option is only available in iOS.

I believe the latest version of Jamf Pro now includes the captured Configuration Profiles as items for Smart Groups and searches. I recall reading about that in the FR section.

Outside of this, @jche are you sure there is no identifying information in the certificate, like in the subject perhaps, that tells you that it came from your CA? I find that kind of hard to believe actually. I mean, I guess it's possible, but I don't think I've run across anything like that. We use an issued certificate for Wi-Fi that gets named by the full AD username (in our case, Lastname, Firstname), but there is still information within the cert that tells us it came from our CMS.
If you go into Terminal on your Mac and run security find-certificate -a and look at the long output, do you see your certificate details there? Is there something in the subj section that identifies the CA?

0 Kudos
Reply

jche
New Contributor

Posted on ‎04-20-2017 11:13 AM

so you are using config profiles to give out wifi cert, which is fine, but all of ours are manual via the issuingca server, so nothing to do with JSS.

i want to check post config to see if its possible to verify such file via JSS

0 Kudos
Reply

jche
New Contributor

Posted on ‎04-20-2017 11:45 AM

@mm2270

im not the latest, but maybe its incentive to do so lol, but at this point, id rather not break something just in case :)

there is identifiable information, but its not unique is the problem. the info is spread across multile certs

see attached.
2ba05d1740884464bf44c8166b402913

YODLEE issuing certificate authority is a recurring theme.

can you give me an example? this is new to me, sorry and thanks for the help!

0 Kudos
Reply