We have a on-prem Microsoft certification authority server whose credentials are essential for connecting to wifi and VPN and we want to install these certificates on Macs run by Jamf Pro.
The security requirements is not to open the local ca server to the Internet.
And my question, is there a way Jamf can issue the certificates for the mac instead of the local ca? (subordinate CA)
Or, Or is there another way to do it without making the local server accessible from the Internet?
If that can help, we have Azure and Intune.
@__AMM if you want no servers on prem exposed to the internet, you cant use AD CS, this is just another server whcih you can install on prem which connects to your cert servers / jamf cloud. It wont work from a DMZ if they are behind f5's. If your network / cyber team can get it to work via a dmz you might be ok to use it. jamf itself cant work as a CA you need it to link to one if your trying to do 802.1x
@__AMM it will work, but other things to consider have a read of this: Installing and troubleshooting the Jamf ADCS connector - Travelling Tech Guy
AD CS Connector Experience, Tips, and Lessons Lear... - Jamf Nation Community - 177003
If however you dont want to open things to the web it might get rejected