With the release of the Casper Suite 9.0, JAMF also released a new tool called the JDS (JAMF Distribution Server). The JDS is no-fuss software that runs on either OS X Server or Linux that acts as an HTTPS distribution point, and includes automated syncing between JDSs, all managed by the JSS.
Since the JDS shares files over HTTPS, there’s a certificate involved. The certificate used when installing the JDS is issued by whatever certificate authority the JSS is using. By default, this is the built-in CA, but it could also be your own external CA. This works well for client management because as part of the client enrollment process, the CA is installed and trusted. This is fine and dandy, until you get to using NetBoot (or an OS hosted on an external drive) for imaging. Since the OS used for imaging generally isn’t enrolled in the JSS, the CA isn’t automatically trusted. The good news is there’s an easy fix. Perform the following steps on the OS that you’re going to use for imaging.
Download the CA certificate from your JSS
Navigate to https://jss.example.com:8443/pki.html (or log in to your JSS, and access the PKI settings under Global Management).
Click the Download CA Certificate button
Add the certificate to your System Keychain
Find the certificate in your downloads folder
Double click the certificate to add it to your keychain. Make sure you change the dropdown to System Keychain.
This will import the certificate into the System Keychain, and will enable the system to trust any certificates issued by the CA in question. You’ll no longer see certificate trust errors when using the JDS.