2 Replies Latest reply: Feb 7, 2013 8:38 PM by iToaster
Blueit Level 1 (0 points)

Hello everyone.

We have a Mac OS X server deployed on our internal network with an internal IP. This internal IP uses the internal DNS convention, so it ends in .corp.

More and more of my users are not coming to work on a regular basis in this office, so I want to be able to push device updates to them while they are not in the office on our wireless.

For that I not only need to change the hostname to our publicly listed domain, but I also have to change the IP.

I understand that I need to request a certificate with our authority (GoDaddy in this case) as I do not want to use a self-signed one.

I understand that the new certificate needs to be installed and assigned prior to me changing IP and hostname.

My question is this: for all the devices which are already on the enrollment server using the something.corp hostname (and thus certificate), do I have to re-enroll them?

Is there a way to automatically re-enroll them?

I am trying to find documentation on this process and I am having a hard time.

Thank you so much!


Mac OS X Server, OS X Mountain Lion (10.8.2), Profile Manager 2
  • 1. Re: Moving enrolled devices from internal IP to external IP with new hostname
    FromOZ Level 2 (405 points)

    Not addressing your enrollment question but your statement...

    I understand that new certificate needs to be installed and assigned prior to me changing IP and Hostname.

    I believe is wrong. Before you do anything regarding public certificates you should have your networking & DNS — both internal (LAN) & external (Internet) fully working and set up. Only then should you proceed with installing a public certificate.

  • 2. Re: Moving enrolled devices from internal IP to external IP with new hostname
    iToaster Level 3 (670 points)

    Here's what I've done:

    I'm not using a signed cert, only trusted

    Server is using domain name internally

    Server is on LAN behind NAT device

    Ports PM uses are open and forwarded to the OS X server

    Server name resolves both internally and externally

    With correct ports open and forwarded and the name resolving,
    I can push settings to users internally and externally.

    As far as I'm aware, once the cert expires you have to re-enrol the devices.

    Same deal if you're changing the cert.