Casper client certificates - reusing

jelockwood

Casper during enrollment creates a client certificate to subsequently authenticate clients. See https://jamfnation.jamfsoftware.com/article.html?id=213

This is fine and desirable; however, there are other situations whereby using a client certificate is either necessary or desirable. For example: Puppet, Munki, Simian and a Cisco IPSec VPN setup (not to be confused with L2TP).

Rather than duplicating the effort to create and administer extra certificates for these other applications, it would make far more sense to reuse the same client certificate for these additional tasks. In some cases this might be easier than others; for example, it might be easier to reuse for a Cisco IPSec VPN connection.

Unfortunately, Puppet, Munki and Simian all use a command-line openssl-style setup and do not use the Keychain. It is possible to export a certificate from a Keychain to a file that can be used with openssl; what I would like is an automated process to do this as part of enrolling clients with Casper.

Does anyone have any scripts to do this? If not, and JAMF are reading this, please consider adding functionality to enable this.

My main goal is, as mentioned, to reuse the client certificate for a Cisco IPSec setup, and also to use Munki/Simian to manage Apple Software Updates.

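The conversion step the post asks about, as an added example (not from the original post or from JAMF): once an identity has been exported from a Keychain as a PKCS#12 file, this turns it into the PEM certificate and key files that openssl-style tools read. The `security export` line in the comment, the file names and the passphrase handling are assumptions; the page does not say whether the Casper-issued private key is exportable.

```shell
#!/bin/sh
# Added example: PKCS#12 identity -> PEM cert + key for openssl-style tools.
# Assumed first step on the Mac (KEYCHAIN and P12_PASS are placeholders):
#   security export -k "$KEYCHAIN" -t identities -f pkcs12 \
#       -P "$P12_PASS" -o identity.p12

# pem_pair_matches <cert.pem> <key.pem>
# Succeeds only if the certificate's public key belongs to the private key.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# p12_to_pem <identity.p12> <passphrase> <out_dir>
# Writes <out_dir>/client_cert.pem and <out_dir>/client_key.pem (mode 0600).
p12_to_pem() {
    p12=$1; pass=$2; out=$3
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 1; }
    mkdir -p "$out" || return 1
    (
        umask 077   # the key is never group/world readable, even briefly
        # Passphrase goes through the environment, not argv (visible in ps).
        # Leaf certificate only; openssl x509 strips the bag attributes.
        P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
            -clcerts -nokeys | openssl x509 -out "$out/client_cert.pem" || exit 1
        # Key is written unencrypted because the consumers run unattended;
        # file permissions are the only protection it has from here on.
        P12_PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12_PASS \
            -nocerts -nodes | openssl pkey -out "$out/client_key.pem" || exit 1
    ) || {
        # Do not leave empty or partial files behind on a failed export.
        rm -f "$out/client_cert.pem" "$out/client_key.pem"
        return 1
    }
    chmod 644 "$out/client_cert.pem"
    # Refuse to hand back a pair that does not belong together.
    pem_pair_matches "$out/client_cert.pem" "$out/client_key.pem" || {
        rm -f "$out/client_cert.pem" "$out/client_key.pem"
        return 1
    }
}
```

Delete the intermediate `.p12` once the PEM files exist, and keep the key file owned by the account the consuming tool runs as.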