Skip to main content
Question

JSS to Proxy the SCEP Certificate

  • April 29, 2013
  • 4 replies
  • 37 views
J
Forum|alt.badge.img+9

We are not opening SCEP to off network devices (i.e. exposing SCEP to the internet). So we have run into an issue where certificates are being lost due to password changes (end users killing the login keychain which is where our VPN certificate lives).

Could the JSS serve as a proxy to SCEP? We don't want the JSS as an intermediate CA in our PKI. Rather we would like to be able to allow the JSS to request the certificate on behalf of the user/device and pass the resulting certificate down to the device over the air.

    4 replies

    B
    Forum|alt.badge.img+7
    • bbergstein
    • Contributor
    • April 29, 2013

    This would be amazing... maybe this should be a feature request though instead of a discussion?

    J
    Forum|alt.badge.img+13
    • JPDyson
    • Valued Contributor
    • April 29, 2013

    ERMAHGERD yes. I would love this.

    J
    Forum|alt.badge.img+13
    • JPDyson
    • Valued Contributor
    • April 30, 2013

    So, out of curiosity, have you tried Settings -> Global Management Framework Settings -> Public Key Infrastructure? You can define your SCEP environment there, but I'm not sure what it buys you.

    J
    Forum|alt.badge.img+13
    • JPDyson
    • Valued Contributor
    • May 1, 2013

    FR created https://jamfnation.jamfsoftware.com/featureRequest.html?id=1163

    Terms & ConditionsCookie settingsAccessibility statement