Can the Jamf pro built in CA be accessed via scep by jamf pro configuration profiles?

Ferri
New Contributor

Hi, we need to create a few certificate authenticated wifi profiles to distribute to macs, as the office is mainly windows  and the number of macs is 20 or so, there is not much desire to set up an azure app proxy, ndes etc to allow jamf pro to connect to the internal CA through scep to generate certs, but looking through the documentation am not sure if it is possible to access the internal CA through scep when creating a new wifi profile. 

 

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@Ferri If your 802.1x authentication system is expecting a certificate from your org's internal CA then if there was a way to have Jamf Pro's built-in CA deliver a cert via SCEP (which I do not believe is possible) would not help. I'd suggest going through the process of setting up a proxy between your internal CA and your Jamf Pro instance so that certs can be delivered via Jamf Pro. It may be a little pain to set up, but once done it greatly simplifies dealing with certificates.

View solution in original post

3 REPLIES 3

sdagley
Esteemed Contributor II

@Ferri If your 802.1x authentication system is expecting a certificate from your org's internal CA then if there was a way to have Jamf Pro's built-in CA deliver a cert via SCEP (which I do not believe is possible) would not help. I'd suggest going through the process of setting up a proxy between your internal CA and your Jamf Pro instance so that certs can be delivered via Jamf Pro. It may be a little pain to set up, but once done it greatly simplifies dealing with certificates.

Ferri
New Contributor

yup, on both counts, was a pain to set up, does work perfectly once set up properly. the internal ca cannot be used for this purpose.

ashay_mudya
New Contributor II

@Ferri @sdagley  We have the External CA  setup to enable Jamf pro  as SCEP proxy for configuration profiles . Wanted to know if certificate uploaded on signing certificate option is  valid or not , dont have any option to view it 

ashay_373_0-1689610872252.png