Profiles not being signed
My Configuration Profiles that are being pushed to machines are showing up as "Unsigned" in System Preferences->Profiles
The trust profiles and enrollment profiles are showing up as Verified but it doesn't look like those use the same cert for signing. Not sure if that is intentional or if I goofed something up. Can't find any documentation that goes that deep into the certs required for PM.
In the Keychain(server side) I have 4 relevant self-signed certs:
- OD Certificate Authority (Company.com Root CA)
- Intermediate CA signed by the above CA (Company.com Intermediate)
- Code Signing Cert signed by the Intermediate above (Company.com Code Signing Cert)
- Another cert signed by the Intermediate. In the cert its purpose is "Server Authentication" (Company.com cert)
The only cert that the clients have installed and trusted is the first OD Certificate Authority (Company.com Root CA)
In Server.app under certificates I have
Settings
- Secure server settings using - Intermediate CA (Company.com Intermediate)
Certificates
- Another cert (Company.com cert) that last one on the list from above
- Code Signing Cert (Company.com Code Signing Cert)
Under Profile Manager:
- Sign Configuration Profiles box is checked
- Clicking edit shows me its using the Code Signing Cert
When I look at the Trust Profile through System Preferences on a client Machine it says that it contains 2 certificates. They are both the same - OD Certificate Authority. When I look in the client keychain, only one copy is found. Something seems flaky here but I don't know how to modify the Trust Profile.
The same thing with the Remote Management Profile. 2 identical certs - OD Certificate Authority. Again, no idea how to modify this.
Any help would be appreciated. Thanks!