MunkiReport client configuration

I am not sure how to set up MunkiReport through MDS correctly to have clients display. I install the MunkiReport files on the system I want to be the server, and then click the option in the workflow to also install MunkiReport while installing MacOS on the client machine. Do I need to do anymore configuration on the client for me to see the client in my reports? Right now I am not seeing any clients.

The way munkireport works in MDS is that when you save the workflow, MDS will download the munkireport enrollment script from:


(servername.local to the dns name of your MDS server)

it then packages that up and will run it as part of the deployment workflow. A good way to check is to verify that you can get to the location from a client and if you run the script, it enrolls in MunkiReport.



When I ran the script on my client, it was giving me an certificate error. So I added the insecure flag to curl in the script and then it completed successfully. My client was still not populating on my MunkiReport dashboard. I saw you may need to run the munki-report runner command from the MunkiReport website documentation, and received a different error about not having a valid certificate, etc… I am just testing this on my home network.

I think the problem lies in the fact I failed to click trust the server certificate in the system keychain option when setting up the workflow I used to install on the client. I will try it again tonight.

Tried it last night and selecting the option to trust server certificate in system keychain does not resolve the problem. Still cannot see any clients. The server computer is running Catalina and the client is High Sierra.

I believe we are discussing this in slack. Let me know if that is now you :slight_smile:


1 Like

Nope but I will check out the discussion.

This is one of the error messages I get when trying to manually run the install script on the client.

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here:

curl performs SSL certificate verification by default, using a “bundle”

of Certificate Authority (CA) public keys (CA certs). If the default

bundle file isn’t adequate, you can specify an alternate file

using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

the bundle, the certificate verification probably failed due to a

problem with the certificate (it might be expired, or the name might

not match the domain name in the URL).

If I add the --insecure flag to the client script, and now run munkireport-runner it now adds the client successfully to my MunkiReport server.

1 Like