Help

Add JAMF as issuing CA from our internal MS ADCS CA

BillC_nyt
New Contributor

Posted on ‎09-21-2016 12:51 PM

I see some feature Reqs and items on this but nothing specific. We would like Jamf to request a subordinate CA certificate from our MS CA internally so it would issue device certs from itself but integrated in our Tier 3 PKI. Is this possible? Seem like it should ... Any advice or documentation appreciated. Thanks

0 Kudos
2 REPLIES 2

franton
Valued Contributor III

Posted on ‎09-22-2016 03:31 AM

Well @bentoms has done some work here. https://macmule.com/2015/09/06/osx-ad-certificate-requests-some-tips/

0 Kudos

dwandro92
Contributor III

Posted on ‎09-22-2016 05:07 AM

I don't believe that there is a way to actually make the JSS an intermediate CA. Depending on what you mean by "device certificates", you might still be able to accomplish the task in a different way.

  • If you want your MDM enrollment certificates to be issued by your MS CA, refer to Integrating With an External CA.

  • If you want to request device certificates from an MS CA for other purposes (e.g. 802.1x network authentication), refer to the link that @franton provided. Additionally, I provided some tips on another post which you might find helpful.

0 Kudos