Jamf AD CS Connector Overview

Before you can integrate Jamf Pro with Active Directory Certificate Services (AD CS), you must install the Jamf AD CS Connector. This service securely transfers all communication between Jamf Pro and AD CS.

When you install the Jamf AD CS Connector, the installer automatically does the following:

  • Installs and configures the applications needed to run the Jamf AD CS Connector. For more information, see Installed Applications.

  • Installs the Jamf AD CS Connector.

  • Generates the certificates required to secure communication with Jamf Pro. For more information, see Jamf AD CS Connector Certificates.

Installed Applications

When you install the Jamf AD CS Connector, Microsoft Internet Information Services (IIS) for Windows Server is automatically installed. Microsoft IIS is the web application server that runs the Jamf AD CS Connector. A directory named ADCS Proxy is installed in the following location:

C:\Users\Administrator\Desktop\ADCS Proxy-423>

For more information about IIS, see the following website:
https://www.iis.net

In addition, the following are automatically configured when you install the Jamf AD CS Connector:

  • IIS Client Certificate Mapping Authentication—IIS is automatically configured to enable communication between Jamf Pro and the Jamf AD CS Connector to take place using IIS Client Certificate Mapping Authentication.
    For more information about IIS Client Certificate Mapping Authentication, see the Microsoft Configuration Reference Documentation.

  • ASP.NET—This provides the application framework for the Jamf AD CS Connector and is integrated with the instance of the IIS web application.
    For more information about ASP.NET, see the following website:
    https://msdn.microsoft.com/en-us/library/4w3ex9c2.aspx

Jamf AD CS Connector Certificates

When you install the Jamf AD CS Connector, the following certificates are automatically generated:

Certificate

Details

Server certificate (.pem or .cer)

This certificate ensures trust between Jamf Pro and the Jamf AD CS Connector. It is a self-signed SSL certificate generated when the Jamf AD CS Connector is installed and allows IIS to validate client certificates.

The server certificate is exported to the current working directory with the following filename:
adcs-proxy-ca.cer

Note: The server certificate is required when configuring Jamf Pro to communicate with the Jamf AD CS Connector.

Client certificate (.pfx or .p12)

This certificate allows Jamf Pro to authenticate with the Jamf AD CS Connector. The client certificate is generated when the Jamf AD CS Connector is installed and is signed by the server certificate. It is exported in PFX format using a randomly generated password that is output to the shell during the Jamf AD CS Connector installation.

Note: The client certificate and randomly generated password are required when configuring Jamf Pro to communicate with the Jamf AD CS Connector.

Both certificates are required when configuring Jamf Pro to communicate with the AD CS Proxy Service.
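
Before entering the two files in Jamf Pro, you can confirm on the Windows server that the exported client certificate was issued by the exported server certificate and still holds its private key. The PowerShell script below is an added example, not part of Jamf's documentation or installer; the PFX path is a placeholder parameter because this page does not give the client certificate's filename.

```powershell
# Added example (not Jamf code): check that the client PFX chains to adcs-proxy-ca.cer.
# -ClientPfxPath is a placeholder; this page does not name the exported PFX file.
param(
    [string]$CaCertPath = '.\adcs-proxy-ca.cer',
    [Parameter(Mandatory = $true)][string]$ClientPfxPath
)
$ErrorActionPreference = 'Stop'
$ns = 'System.Security.Cryptography.X509Certificates'

# Prompt for the installer-generated password so it does not land in command history.
$pfxPassword = Read-Host -Prompt 'Client certificate (PFX) password' -AsSecureString

$ca = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CaCertPath).Path
$client = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $ClientPfxPath).Path, $pfxPassword

# Build the chain using only the exported server certificate as a candidate issuer.
# The server certificate is self-signed, so an untrusted root is expected here;
# the thumbprint comparison below is what ties the chain to that specific certificate.
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags =
    [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.ChainPolicy.ExtraStore.Add($ca)
$built = $chain.Build($client)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

$now = Get-Date
$result = [pscustomobject]@{
    ClientSubject    = $client.Subject
    ClientIssuer     = $client.Issuer
    ClientNotAfter   = $client.NotAfter
    HasPrivateKey    = $client.HasPrivateKey
    ChainBuilt       = $built
    IssuedByServerCa = ($root.Thumbprint -eq $ca.Thumbprint)
    WithinValidity   = ($now -ge $client.NotBefore -and $now -le $client.NotAfter)
}
$result | Format-List

if (-not ($result.ChainBuilt -and $result.IssuedByServerCa -and
          $result.HasPrivateKey -and $result.WithinValidity)) {
    Write-Error 'Client certificate failed one or more checks; do not upload it to Jamf Pro.'
}
```

Run it from the directory that contains adcs-proxy-ca.cer, passing the exported PFX with -ClientPfxPath.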

Additional Information

For more information on Jamf AD CS Connector-related topics, see the Integrating with Active Directory Certificate Services (AD CS) Using Jamf Pro technical paper.

© copyright 2002-2019 Jamf. All rights reserved.