Generating a PKCS12 (.p12) Keystore File from a Google Cloud LDAP Client

Updated: 17 June 2022
Product: Jamf Pro

Google's Secure LDAP service generates a certificate that serves as the primary authentication mechanism for the LDAP clients to authenticate with Secure LDAP.

To configure Jamf Pro to authenticate with client certificates, they must be installed in the application's keystore. This article explains how to generate the PKCS12 (.p12) keystore file and upload it to Jamf Pro when integrating with Google Cloud Identity Provider.

Requirements

  • A Google Identity subscription that includes Google's LDAP service so you can download a certificate.

    For more information about Google's Secure LDAP service, see About the Secure LDAP service on the Google Workspace Admin Help website and Add and connect new LDAP clients on Google's Cloud Identity Help website.

  • OpenSSL must be installed in your local environment to convert the certificate and key to .p12 keystore format.

  1. Log in to your Google Admin console.
  2. Click Apps and then LDAP.
  3. Choose the LDAP client you want to integrate with Jamf Pro.

    The service switch status needs to be On for the chosen LDAP client.

  4. Click Authentication.
  5. Download the certificate file that you will use when integrating with Jamf Pro.
  6. Extract the downloaded archive. The output should contain the certificate (.crt) file and the private key (.key) file.
  7. To generate the .p12 keystore file, execute the following command:
    openssl pkcs12 -export -out /path/to/generated/keystore.p12 -inkey /path/to/saved/privatekey.key -in /path/to/saved/certificate.crt
  8. Create a password when prompted.

    This is the password you'll use when accessing the keystore file. Store this password in a secure location.

You can now upload the generated .p12 keystore file to Jamf Pro or locally add it to a computer's system keychain.
Note: Generating a separate keystore file for use with Jamf Pro each time you download the certificate from Google is recommended.

Additional Information

For more information about integrating Google's Secure LDAP Service with Jamf Pro, see Google Secure LDAP Integration in the Jamf Pro Documentation.