Generating a PKCS12 (.p12) Keystore File from a Google Cloud LDAP Client

Updated: 10 December 2021

Product: Jamf Pro

Google's Secure LDAP service generates a certificate that serves as the primary authentication mechanism for the LDAP clients to authenticate with Secure LDAP.

To configure Jamf Pro to authenticate with client certificates, they must be installed in the application's keystore. This article explains how to generate the PKCS12 (.p12) keystore file and upload it to Jamf Pro when integrating with Google Cloud Identity Provider.

Requirements

An LDAP client to download a certificate from.
For more information, see Add and connect new LDAP clients from Google's Cloud Identity Help web site.
To convert the certificate and key to .p12 keystore format, OpenSSL must be installed in your local environment.

Log in to your Google Admin console.
Click Apps and then LDAP.
Choose the LDAP client you want to integrate with Jamf Pro.
The service switch status needs to be On for the chosen LDAP client.
Click Authentication.
Download the certificate file that you will use when integrating with Jamf Pro.
Extract the downloaded archive. The output should contain the certificate (.crt) file and the private key (.key) file.

To generate the .p12 keystore file, execute the following command:

openssl pkcs12 -export -out /path/to/generated/keystore.p12 -inkey /path/to/saved/privatekey.key -in /path/to/saved/certificate.crt

Create a password when prompted.
This is the password you'll use when accessing the keystore file. Store this password in a secure location.

You can now upload the generated .p12 keystore file to Jamf Pro or locally add it to a computer's system keychain.

Note: Generating a separate keystore file for use with Jamf Pro each time you download the certificate from Google is recommended.

Additional Information

For more information about integrating Google's Secure LDAP Service with Jamf Pro, see Google Secure LDAP Integration in the Jamf Pro Documentation.