EAP-TLS automation

justice_lammers
New Contributor

The goal is to match the correct p12 (cert file) with the corresponding user asset through jamf to automate the process of pushing certificates over EAP-TLS. Any suggestions in a way to do this?

We are currently grabbing the correct certificate (based on username) and manually uploading it to the matching asset on jamf. I am having trouble thinking of a way to automate this process. Possibly by finding the username of the computer and matching to the p12 file that should be uploaded into the keychain.


sdagley
Esteemed Contributor II

@justice.lammers Are you using a certificate system that supports SCEP? If so, you can use a User Level Configuration Profile with SCEP and Network payloads to send the certificate to a managed Mac and configure both Wi-Fi and wired network connections to use it.

justice_lammers
New Contributor

@sdagley Thanks so much for your response! I have done exactly this and it works great. My goal, however, is to find a way to pull the specified p12 file (username.p12) from a pool of them located on a server and automate the process of uploading them to the "certificate" jamf section (within configuration profile) to the specific machine (asset # whatever, which has a local profile equivalent to the username.p12) so that we don't have to manually upload hundreds of users and upload future new users. Hope this clears up my question and would love to see if anyone has a solution and if it's even possible!?!

sdagley
Esteemed Contributor II

@justice.lammers With a SCEP payload you can send a request to your certificate server to generate the certificate for a specific user when the profile is being delivered. You do not need, or want, to pre-generate them. While you could script something to pull pre-generated certificates from your server you wouldn't be able to use a configuration profile to install them.