Distributing Certificates Using Configuration Profiles

After communication between Jamf Pro and Active Directory Certificate Services (AD CS) has been established, you can use Jamf Pro to distribute certificates with AD CS as the certificate authority (CA) to computers and mobile devices in your environment using configuration profiles.

Certificates are not deployed immediately. The configuration profile is queued to obtain a certificate. Once the Certificate payload and configuration profile are complete, the configuration profile will be deployed to the device. The timeframe for certificate deployment depends on server load and typically is 5 minutes, or the next device check-in.

Note: Jamf Pro automatically redistributes the certificate via a configuration profile 10 days before the certificate expires. If the 10-day default setting does not meet your needs, contact Jamf Support.


Before you can distribute certificates using configuration profiles, you must add a PKI Provider to Jamf Pro to use as the CA for certificates. For more information see the following:

In addition, ensure the requirements for distributing configuration profiles are met. See the requirements in the following sections of the Jamf Pro Administrator's Guide:

Distributing a Certificate Using a Configuration Profile

  1. Log in to Jamf Pro.

  2. Do one of the following:

    • To create a computer configuration profile, click Computers at the top of the page, and then click Configuration Profiles.

    • To create a mobile device configuration profile, click Devices at the top of the page, and then click Configuration Profiles.

  3. Click New.

  4. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.
    Only payloads and settings that apply to the selected level are displayed for the profile.

  5. Select the Certificate payload and click Configure.

  6. Enter a display name and then choose an AD CS instance from the Select Certificate Option pop-up menu.

  7. Use the settings on the pane to specify information about the CA.

  8. Click Save.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.