Wifi cert deployments in Jamf Pro

jpeters21
Contributor II

now a year into my Jamf pro experience (so still relatively newb) .. but one thing I have not been able to figure out is I have not been able to successfully use Jamf to pull down a cert for our wireless. Same configurations built from apple configurator work with a manual install, but when deploying the same from Jamf it does not pull down the cert. Originally was pulling directly from AD (so had to be on internal network via LAN for this to work) and now we are attempting a SCEP proxy connected to Jamf. In the original the config would install, just with out the proper cert being acquired, but the SCEP profile looks like its just stuck attempting to install. SCEP maybe a different issue as the server logs show this: 

 

"[CEPChallengeConfiguration] - $MSSCEPCHALLENGE found for a challenge password but no event listeners returned a challenge. Setting to a blank string.
2022-03-09 14:52:47,105 [ERROR] [ina-exec-48] [InstallProfile ] - Error getting SCEP challenge response from server
com.jamfsoftware.jss.exceptions.mdm.ScepChallengeBlankException: Setting a blank challenge, returning!" 

 

Reached out to a co-worker to check if they can see if they can see the incoming traffic, any thing else I should be looing at with the described behavior? 

 

9 REPLIES 9

jpeters21
Contributor II

additional note on client side I am not seeing any reference to the profile attempting to install in the jamf.log or install.log any other places I should be looking? 

Arul
New Contributor

Hi @jpeters21 , did you get any chance to fix this issue

I did not.. reached out to my network team to assist with troubleshooting at which time it got tabled. They are also in the middle of restructuring our VLANs so I suspect it would not get worked on again until that is complete. 

Hi any updates on your issue?

user-zZcUnEREZD
New Contributor II

Same issue here...

jpeters21
Contributor II

Sorry nothing new to add.. and this does not seem to be a pressing issue for our network team to work with me on. The is a reality for us its an additional few second on the clients for our support techs who do most of the setups vs. the hours our engineers/administrators would spend tracing the issue, and work from home people were zero touch deployment may be desired don't need internal wireless. 

peterlbk
Contributor

@jpeters21 did you use the exact same FQDN as the certificate expects?

using ADCS connector were we never actually getting to the point were we acquired the cert, Jamf logs suggested no response from the host, but I got as far as seeing the request traffic come in the firewall. 

peterlbk
Contributor

Could it be possible that if you have things like SSL inspection set up on your firewall would inspect certificates and making them invalid?