Security Settings

The Security settings in the Jamf Software Server (JSS) allow you to do the following:

  • Enable certificate-based authentication.

  • Enable push notifications.

  • Configure SSL certificate verification.

  • Specify the condition under which the checksum will be used to validate packages. If you choose to validate packages, the validation occurs after the package is downloaded.

  • Specify a maximum clock skew between managed computers and the JSS host server.

When a Mac computer attempts to communicate with the JSS and the security requirements specified in the JSS are not met, communication is blocked.

Configuring SSL Certificate Verification

Configuring the SSL Certificate Verification setting in the JSS ensures that computers only communicate with a host server that has a valid SSL certificate. This prevents computers from communicating with an imposter server and protects against man-in-the-middle attacks.

Consider the following when configuring SSL certificate verification:

  • If you are using the self-signed certificate from Apache Tomcat that is built into the JSS, you must select "Always except during enrollment".

  • If you are using an SSL certificate from an internal CA or a trusted third-party vendor, select either "Always" or "Always except during enrollment". It is recommended that you use "Always" if computers in your environment are configured to trust the certificate before they are enrolled.

For more information, see the following Knowledge Base articles:

Requirements

To enable push notifications, you must have a push certificate in the JSS. (For more information, see Push Certificates.)

Configuring Security Settings

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/15182639/Settings_icon.png .

  3. Click Computer Management.

  4. In the ”Computer Management–Management Framework” section, click Security images/download/thumbnails/15182639/Security.png .

  5. Click Edit.

  6. Configure the settings on the pane.

  7. Click Save.

Related Information

For related information, see the following sections in this guide:

  • Certificates
    Learn about device certificates and the SSL certificate.

  • SSL Certificate
    Find out how to create or upload an SSL certificate that Mac computers can use to verify the identity of the JSS.

  • Calculating a Checksum
    Learn about using the checksum to validate a package and how to manually calculate the value.

For related information, see the following Knowledge Base articles:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.