Integrating with Apple's Global Service Exchange (GSX)

This article explains how to create a GSX account and obtain an Apple certificate. You can integrate Jamf Pro 10.15.0 or later with Apple's Global Service Exchange (GSX).
Note:

As of October 1, 2019, Jamf Pro 10.15.0 or later is required to integrate with GSX. If you are using an earlier version of Jamf Pro with a GSX integration, you must upgrade to Jamf Pro 10.15.0 or later to continue integrating with GSX.

General Requirements

Before you can integrate Jamf Pro with GSX, you must have the following:
  • A GSX Account with the "Manager" or "Administrator" role, access to Web Services, and access to coverage/warranty information

  • An Apple certificate

  • (On-premise customers) Your IP address must be safelisted by Apple. To verify that your IP address is safelisted, contact Apple.

Creating a GSX Account

  1. Go to http://www.apple.com/support/programs/ssa/ to apply for a GSX account.
    Note:

    To apply for a GSX account, you must have a service contract with Apple. Contact your Apple Account Executive to learn more about GSX.

  2. Log in to your GSX account at https://myaccess.apple.com/
    Note:

    This rest of this process is managed by Apple and is subject to change. Contact Apple if you need assistance creating your GSX account.

Obtaining an Apple Certificate

Obtaining an Apple certificate involves the following steps:

  1. Generating a certificate signing request (CSR)

  2. Sending the CSR and your GSX account information to Apple. Apple sends back Apple certificates (.pem)

  3. Converting the Apple certificates to .p12 format

  4. Uploading the certificate to Jamf Pro

Note:

Steps 1-2 are managed by Apple and are subject to change. Contact Apple for details about the process. If you have questions, contact Jamf Support.

Generating a CSR

To generate a CSR, sign in to Apple's MyAccess website and follow the instructions provided by Apple: https://myaccess.apple.com/

Important: The CSR generated in this process is the only valid CSR accepted by Apple for GSX connections.

Sending the CSR and GSX Account Information to Apple

Send an email to the Apple GSX email address provided on Apple's MyAccess website: https://myaccess.apple.com/

You will need to attach your CSR to the email. The required GSX account information and certificate will be provided by Apple.

Note: This process can take up to a week and is subject to change. Contact Apple for the most current information.

Converting the Apple Certificate (.pem) to .p12 Format

Create a .p12 file using the private key and Apple certificates by executing the following command:

openssl pkcs12 -export -inkey privatekey.pem -in cert.pem -out GSX_Cert.p12
Note: The GSX_Cert.p12 file contains your signed GSX certificate. If you do not specify a path before the file name when running the above command, the file will be in your working directory.

The certificate is saved as a .p12 file in the location you specified.

Note: The private key password is the password that you set when creating the CSR. You must also set an export password, which will be used as the keystore password when uploading to Jamf Pro.

Configuring the GSX Connection in Jamf Pro

Configure the GSX connection in Jamf Pro by providing your Apple API Token and uploading your GSX certificate. For instructions, see "Configuring the GSX Connection Settings" on the GSX Connection page in the Jamf Pro Administrator's Guide.

Additional Information

For instructions on how to integrate Jamf Pro with GSX, see GSX Connection in the Jamf Pro Administrator's Guide.