Obtaining a SCEP Proxy Signing Certificate from a Microsoft CA Using OpenSSL and Uploading the Certificate to Jamf Pro
This article explains how to obtain a signing certificate from a Microsoft certificate authority (CA) using OpenSSL and upload the certificate to Jamf Pro. When a computer or mobile device that needs a certificate checks in with Jamf Pro, the device communicates with the SCEP server to obtain the certificate. You can enable Jamf Pro to proxy this communication between a SCEP server and the devices in your environment to ensure devices do not need to access the SCEP server. When Jamf Pro is enabled as a SCEP Proxy, Jamf Pro communicates directly with the SCEP server to obtain certificates and install them on computers and mobile devices.
The procedure involves the following steps:
- Generating a Certificate Signing Request
- Downloading the Certificate from the Microsoft CA Server
- Uploading the Certificate to Jamf Pro
General Requirements
Jamf Pro 10.0.0 or later
macOS or Linux
A Microsoft CA server
Step 1: Generating a Certificate Signing Request
Step 2: Downloading the Certificate from the Microsoft CA Server
Choose one of the following methods, depending on whether your organization has web enrollment enabled.
Method 1: Your organization has web enrollment enabled
Method 2: Your organization does not have web enrollment enabled
You can request a certificate using a Windows PC.
Step 3: Uploading the Certificate to Jamf Pro
- Log in to Jamf Pro.
- In the top-right corner of the page, click Settings.
- Click Global Management.
- Click PKI Certificates.
- Click Management Certificate Template.
- Click External CA.
- Click Signing and CA Certificate Assistant at the bottom of the page.
- Upload the .p12 file.
- Enter the export password that you set previously, and then click Next.
- From the pop-up menu, choose the user certificate you just uploaded, and then click Next.
- (Optional) If needed, upload a CA certificate for an additional CA.
- To save the settings, click Next.
- Click Done.
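The OpenSSL side of the procedure above, as an added example rather than Jamf's documented commands: it creates the key and CSR for Step 1, checks that the certificate returned in Step 2 belongs to that key, and builds the password-protected .p12 uploaded in Step 3. The file names, subject CN, friendly name and the assumption that the CA certificate was saved in Base64 (PEM) form are illustrative.

```shell
#!/bin/sh
# Added example; file names, the subject CN and the friendly name are assumptions.

# make_csr DIR CN: create a private key (owner-only permissions) and a CSR
# to submit to the Microsoft CA.
make_csr() {
    dir=$1; cn=$2
    (umask 077; openssl genrsa -out "$dir/scep-proxy.key" 2048 2>/dev/null) || return 1
    openssl req -new -key "$dir/scep-proxy.key" -subj "/CN=$cn" \
        -out "$dir/scep-proxy.csr"
}

# key_matches_cert DIR: succeed only if the certificate downloaded from the CA
# (assumed saved in Base64/PEM form as scep-proxy.cer) carries this key's public key.
key_matches_cert() {
    dir=$1
    k=$(openssl pkey -in "$dir/scep-proxy.key" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$dir/scep-proxy.cer" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_p12 DIR PASSFILE: bundle key and certificate into the .p12 that is
# uploaded to Jamf Pro. The export password is read from a file so it does not
# appear in shell history or the process list.
make_p12() {
    dir=$1; passfile=$2
    key_matches_cert "$dir" || { echo "certificate does not match key" >&2; return 1; }
    (umask 077; openssl pkcs12 -export -inkey "$dir/scep-proxy.key" \
        -in "$dir/scep-proxy.cer" -name "SCEP Proxy Signing" \
        -passout "file:$passfile" -out "$dir/scep-proxy.p12")
}
```

Once the upload succeeds, remove the working copies of the private key and the password file from the workstation, since the .p12 and its export password together are the signing identity.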