
Hi friends,

I am new to Jamf and would appreciate your help.

We use Jamf Pro in the cloud and we have a local Microsoft CA server.

My goal is to install certificates from the local CA onto the Mac devices using Jamf Pro cloud.

I understand there are two ways to do this:

1. Using Jamf ADCS Connector

2. Using Jamf SCEP with local NDES server

Am I right?

What is the right and secure way to do it?

We also have Azure and Intune if that can help. 

Thanks

 

 

So, do you use this server dedicated to JAMF?

 

If you have Intune or any other MDM using the same server to get certificates, this definitely will not work, and in Jamf you might see "pending".

You might need a dedicated server.


For more understanding I would like to take a look at all your settings; this needs a lot of understanding to set up. It's better if you let me know so we can check this.

 


Yes, I am using a fresh server setup, not shared with Intune.

 

And earlier, with the default certificate (IPSEC offline), it worked well. When I hardcode the registry with my certificate it is not issuing certificates, and I don't know which log I need to validate here.


For more understanding I would like to take a look at all your settings; this needs a lot of understanding to set up. It's better if you let me know so we can check this.

 


Yeah, sure, I would like that too. Let me know how to proceed.


Email me at bharath.r@mindtree.com with a meeting URL; let's get connected and check this together.


Ah yeah, this one took me a few days to figure out... In our environment, the purpose of this was to do cert-based 802.1X authentication.

At first my intention was to use the SCEP server already set up for our Windows-based devices enrolled through Intune; I struggled with it but failed to get it to work. This was (as I later found out) due to the Intune connector: it takes over SCEP, preventing you from using it for other purposes. So I spun up a new SCEP server specifically for Mac devices to retrieve a cert from our Windows PKI.

Once that was clear, the general steps were these:

  • Create an AzureAD app
  • Install the AAD App Proxy on the new SCEP server and link it back
  • Create service account 
  • Create cert template in PKI 
  • Go into JAMF -> Settings -> PKI Cert -> Management Cert Template -> External CA -> Configure this as a SCEP proxy, pointing to the URL of your Azure AD app.
  • Create a Configuration Profile with the SCEP, Cert and Network information. 

LMK if you want screenshots or more detail; I know I glossed over a bunch of stuff.
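Before pointing the Jamf external CA / SCEP proxy setting at the App Proxy URL (step 5 above), it is worth checking what the SCEP endpoint actually advertises and that the CA material it hands out is the one you expect. The script below is an added example, not code from Jamf, Microsoft, or the poster; the URL and the expected fingerprint in `__main__` are placeholders you replace with your own.

```python
# Added example: pre-flight check of a SCEP endpoint (for instance NDES published
# through an Azure AD App Proxy URL) before configuring it in Jamf Pro.
# Not Jamf's or Microsoft's code; URL and fingerprint in __main__ are placeholders.
import hashlib
import urllib.parse
import urllib.request

WEAK_CAPS = {"MD5", "SHA-1", "DES"}                 # legacy algorithms a SCEP server may still advertise
WANTED_CAPS = {"POSTPKIOperation", "SHA-256", "AES"}  # what a modern client (macOS) should be offered

def scep_url(base: str, operation: str) -> str:
    """Build a SCEP GET URL, e.g. .../mscep/mscep.dll?operation=GetCACaps."""
    return base + "?" + urllib.parse.urlencode({"operation": operation})

def parse_ca_caps(body: str) -> set[str]:
    """GetCACaps returns one capability keyword per line (RFC 8894, section 3.5.2)."""
    return {line.strip() for line in body.splitlines() if line.strip()}

def assess_caps(caps: set[str]) -> list[str]:
    """Return human-readable findings; an empty list means the capabilities look sane."""
    findings = []
    for cap in sorted(WANTED_CAPS - caps):
        findings.append(f"missing capability: {cap}")
    for cap in sorted(WEAK_CAPS & caps):
        findings.append(f"weak algorithm advertised: {cap}")
    return findings

def ca_cert_fingerprint(body: bytes) -> str:
    """SHA-256 of the raw GetCACert response (for NDES a PKCS#7 bundle of CA and RA certs).

    Pinning the whole response detects an unexpected CA/RA change or a wrong URL."""
    return hashlib.sha256(body).hexdigest()

def check_endpoint(base: str, expected_fp: str) -> list[str]:
    """Live check: fetch GetCACaps and GetCACert and compare them against expectations."""
    with urllib.request.urlopen(scep_url(base, "GetCACaps"), timeout=10) as r:
        findings = assess_caps(parse_ca_caps(r.read().decode("ascii", "replace")))
    with urllib.request.urlopen(scep_url(base, "GetCACert"), timeout=10) as r:
        fp = ca_cert_fingerprint(r.read())
    if fp != expected_fp.lower():
        findings.append(f"GetCACert response fingerprint mismatch: got {fp}")
    return findings

if __name__ == "__main__":
    # Placeholders: your App Proxy SCEP URL and the SHA-256 of a known-good GetCACert response
    for finding in check_endpoint("https://scep-placeholder.example/certsrv/mscep/mscep.dll", "00" * 32):
        print("WARN", finding)
```

Run it once against a known-good endpoint to record the fingerprint, then keep it as a periodic check so a silently changed CA or a misrouted App Proxy shows up before devices start failing 802.1X.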

I'd be very interested in some more detail around this, diags/screenshots/gotchas/watchas etc., if you have time to provide it?


Did it work finally? @MannyKrishna or @bharathr1092750, I'm trying to implement a similar setup and am kind of stuck. Any help would be greatly appreciated.

