Posted on 11-08-2020 09:07 PM
Hi,
I am trying to figure out how to set up Active Directory Certificate Services (ADCS) and Machine/User Certificates.
Our machines are bound to Active Directory. We also have a bunch of Windows machines.
I can find info on Jamf Pro, Machine certificates and ADCS but not User certificates and ADCS, although I do see a feature request where it says that User certificates are implemented: https://www.jamf.com/jamf-nation/feature-requests/7633/add-support-for-user-certificates-in-the-ad-cs-connector
Has anyone worked out the process or can you point me at a good guide on how to do it?
I did find a fair bit of info on Machine certificates and ADCS, e.g. https://youtu.be/oRkpkN1Z3aI but I've been told I also need to figure out User certificates, as those will be used to control some levels of access.
Posted on 11-09-2020 08:41 AM
ADCS does not do user-certificates. It can install machine certificates into the user keychain, but that is not user-certs.
Posted on 11-09-2020 03:36 PM
Thanks @patgmac - do you know how user certificates can be done then?
Posted on 11-10-2020 05:53 AM
A config profile with the AD Certificate payload. Or you can use Enterprise Connect, NoMAD, or I believe Jamf Connect. Also https://twocanoes.com/products/mac/certificate-request/. I don't have an opinion of the various tools since I only use machine certs.