For those like me who don't have time to be an expert on everything here
is what I did:1. Install Certify The Web.2. Make sure you have a backup
copy of your certname.pfx and server.xml (see next).2. Blindly follow:
I had a Restricted Software rule to stop everyone but IT from installing
major upgrades but a few users were able to do it anyway and of course
they have an app or two or printer driver that's not compatible yet.
Years ago it was a pain getting users...
I'm pretty sure this is Apple's "new" way (Mojave and forward). If you
don't DEP enroll, even if it's a reenroll, then the user (or you
remotely) will need to click the verify button in System Prefs ->
Profiles. If they open Self Service it should sh...
Take a look here:
I don't think everything has been ironed out yet. I've enrolled a
handful of M1 systems and find that if it fails the first time I wipe it
I think between this: https://github.com/sean-rabbitt/letsEncryptJSS and
you could get it working swimmingly. Until Apple breaks somethi...