Seeking guidance on ADCS and Machine/User (especially User) certificates

dlondon
Valued Contributor

Hi,

I am trying to figure out how to set up Active Directory Certificate Services (ADCS) and Machine/User Certificates.

Our machines are bound to Active Directory. We also have a bunch of Windows machines.

I can find info on Jamf Pro, Machine certificates and ADCS, but not User certificates and ADCS, although I do see a feature request where it says that User certificates are implemented: https://www.jamf.com/jamf-nation/feature-requests/7633/add-support-for-user-certificates-in-the-ad-cs-connector

Has anyone worked out the process or can you point me at a good guide on how to do it?

I did find a fair bit of info on Machine certificates and ADCS, e.g. https://youtu.be/oRkpkN1Z3aI, but I've been told I also need to figure out User certificates, as those will be used to control some levels of access.

3 REPLIES

patgmac
Contributor III

ADCS does not do user-certificates. It can install machine certificates into the user keychain, but that is not user-certs.

dlondon
Valued Contributor

Thanks @patgmac - do you know how user certificates can be done then?

patgmac
Contributor III

A config profile with the AD Certificate payload. Or you can use Enterprise Connect, NoMAD, or I believe Jamf Connect. Also https://twocanoes.com/products/mac/certificate-request/. I don't have an opinion of the various tools since I only use machine certs.