Note: although issues like this might be related to the SSL certificate itself, it's also possible that the uploaded SSL cert is missing an Intermediate CA or Tomcat was not rebooted after uploading he new cert. Especially when a new certificate was uploaded. Unless something bad happened to Tomcat, it’s often related to the SSL certificate.
JAMF PRO MDM PRO
I’ve seen situation where people panic when suddenly all communication with their (on-prem) Jamf Pro server stopped. SSL cert not valid? No communication! See what happens for instance with a ‘sudo jamf policy’ or ‘sudo jamf recon’ if the SSL cert of the Jamf Pro server is expired or invalid (wrong FQDN for instance): Just like with every possible HTTPS/SSL connection you can imagine. Whenever a Mac or iOS device contacts the Jamf Pro server it also verifies the SSL certificate. In my case the DST Root CA, aka Let’s Encrypt:īut, when we, as a human being, see the below (when attempting to login to Jamf Pro, or when a user tries to enroll a device via User Initiated Enrolment), we know there is something wrong!Īll straight forward I guess, but what about devices interacting with Jamf Pro? Well, exactly the same. Someone, trusted by the entire world, has verified the identity of this server and issued a certificate to proof it. Whether that is a certificate for the specific FQDN or a wildcard cert, it doesn’t matter. However, without the intend to state the obvious, what does the SSL Certificate on Tomcat actually do? Well, nothing more than providing proof of the identity of the server. I presume that it’s safe enough to assume we all understand the importance of HTTPS and SSL. However, there might be some confusion regarding its importance in view of device communication. This might be the most straight forward one to discuss. Specific certificates for integrations like LDAPs, SCEP Proxy, SCCM, GSX….The built-in Jamf Pro Signing Certificate(s).The built-in Jamf Pro Certificate Authority.This in view of the importance of the specific cert and it’s purpose, as well as keeping the length of this post within limits.
![jamf pro mdm jamf pro mdm](https://www.too.com/archives/002/202009/1f8e36b3a7baa14aa3c4905028652af0285109a8577b543f2c1828981beb7dfc.jpg)
![jamf pro mdm jamf pro mdm](https://storage.googleapis.com/appconfig-media/appconfig-content/uploads/2016/10/JAMF-Software-Blue-Logo.png)
As you’ll see, I’ll elaborate some certificates a bit more in depth then some other types of certificates. Let’s start with listing the different types you may use or need before we dive into discussing each of them.
![jamf pro mdm jamf pro mdm](https://interlaced.io/wp-content/uploads/2017/12/jamf-pro.jpg)
But one way or another you are using a good set of different types of certificates, whether you are aware of it or not.
JAMF PRO MDM FULL
The goal of this post is mainly to differentiate the variety of certificates, and their purpose, not to give you a full in-depth discussion of each of one.ĭepending on how you use Jamf Pro, what functionality you use and the different integrations you add to the JPS, the types of certificates which cross your path may vary.
JAMF PRO MDM PROFESSIONAL
We work well with others - Jamf Cloud offers full integration with most enterprise authentication and identity services, and we provide professional services to help you migrate.No, I’m not a certificate expert, just a guy who needs them from time to time, no way around it! So I decided to dedicate this post to the different certificates you might come across when using Jamf Pro.
![jamf pro mdm jamf pro mdm](https://mbsdirect.com/images/logo/logo-jamf-connect.png)
Visibility - A Jamf status dashboard monitors cloud services, and we offer industry-standard security controls for hosting services. We store automatic daily backups for 30 days in case of a need for disaster recovery.
JAMF PRO MDM UPDATE
Secure data - Our data centers are located in the United States, Germany, United Kingdom, Japan or Australia, and our servers automatically update with every release. Using a subscription-based model, Jamf Cloud offers a built-in cloud distribution service for global package distribution and guarantees 99.9% server uptime.