Obtaining a SCEP Proxy Signing Certificate from a Microsoft CA Using Command Prompt and Uploading the Certificate to Jamf Pro
This article explains how to obtain a signing certificate from a Microsoft certificate authority (CA) using Command Prompt and upload the certificate to Jamf Pro. When a computer or mobile device that needs a certificate checks in with Jamf Pro, the device communicates with the SCEP server to obtain the certificate. You can enable Jamf Pro to proxy this communication between a SCEP server and the devices in your environment to ensure devices do not need to access the SCEP server. When Jamf Pro is enabled as a SCEP Proxy, Jamf Pro communicates directly with the SCEP server to obtain certificates and install them on computers and mobile devices.
The procedure involves the following steps:
- Generating a Certificate Signing Request
- Downloading the Certificate from the Microsoft CA Server
- Uploading the Certificate to Jamf Pro
General Requirements
- Jamf Pro 10.0.0 or later
- Java Development Kit (JDK) with the keytool utilityNote:
If you do not have keytool, OpenSSL is an alternative. Contact your support representative for more information.
- A Microsoft CA server
Step 1: Generating a Certificate Signing Request
Step 2: Downloading the Certificate from the Microsoft CA Server
Step 3: Uploading the Certificate to Jamf Pro
Additional Information
For additional information, see the PKI Certificates page in the Jamf Pro Documentation.
For additional information, see the Enabling Jamf Pro as SCEP Proxy technical paper.