Generating the PKCS12 Keystore File When Integrating Google Cloud Identity Provider with Jamf Pro

Google's Secure LDAP service generates a certificate that LDAP clients use as their primary mechanism for authenticating with Secure LDAP. To configure Jamf Pro to authenticate with client certificates, the certificates must be installed in the application's keystore. This article explains how to generate the PKCS #12 (.p12) keystore file and upload it to Jamf Pro when integrating with Google Cloud Identity Provider.

Requirements
  • Jamf Pro 10.17.0 or later
  • To convert the certificate and key to the PKCS #12 keystore format, OpenSSL must be installed in your local environment.

  1. Log in to your Google Admin console.
  2. Click Apps and then LDAP.
  3. Choose the LDAP client you want to integrate with Jamf Pro. The service switch status needs to be On for the chosen LDAP client.
  4. Click Authentication.
  5. Download the certificate file that you will use when integrating with Jamf Pro.
  6. Extract the downloaded archive. The output should contain the certificate (.crt) file and the private key (.key) file.
  7. To generate the PKCS #12 (.p12) keystore file, execute the following command:
    openssl pkcs12 -export -out /path/to/generated/keystore.p12 -inkey /path/to/saved/privatekey.key -in /path/to/saved/certificate.crt
  8. Create a password when prompted. This is the password you will use when accessing the keystore file. Store this password in a secure location.
You can now upload the generated PKCS #12 (.p12) keystore file when adding a Google Cloud Identity Provider instance in Jamf Pro.
Note: It is recommended to generate a separate keystore file for use with Jamf Pro each time you download the certificate from Google.
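
The conversion in steps 6 to 8 as a shell script, added here as an example that is not part of the original article: it checks that the extracted certificate and private key belong together before running the article's `openssl pkcs12 -export` command, keeps the keystore readable by its owner only, and confirms that it opens with the chosen password. The function names and the `KEYSTORE_PASS` environment variable are assumptions of this example; when the variable is not exported, OpenSSL prompts for the password as in step 8.

```sh
#!/bin/sh
# Added example (not from the original article). Function names and the
# KEYSTORE_PASS variable are assumptions made for this sketch.

# Succeed only if the certificate's public key equals the private key's.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build the keystore with the article's command after the pairing check.
# If KEYSTORE_PASS is exported it is used; otherwise openssl prompts.
make_keystore() {
    crt=$1; key=$2; out=$3
    if ! cert_matches_key "$crt" "$key"; then
        echo "certificate and private key do not belong together" >&2
        return 1
    fi
    (
        umask 077   # keystore holds the private key: owner-only from creation
        if [ -n "${KEYSTORE_PASS:-}" ]; then
            openssl pkcs12 -export -out "$out" -inkey "$key" -in "$crt" \
                -passout env:KEYSTORE_PASS
        else
            openssl pkcs12 -export -out "$out" -inkey "$key" -in "$crt"
        fi
    ) || return 1
    chmod 600 "$out"   # also covers an output file that already existed
}

# Confirm the keystore opens (its MAC verifies) with the chosen password.
verify_keystore() {
    if [ -n "${KEYSTORE_PASS:-}" ]; then
        openssl pkcs12 -in "$1" -noout -passin env:KEYSTORE_PASS
    else
        openssl pkcs12 -in "$1" -noout
    fi
}

# Usage: sh make-keystore.sh certificate.crt privatekey.key keystore.p12
if [ "$#" -eq 3 ]; then
    make_keystore "$@" && verify_keystore "$3"
fi
```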