Configuring the Jamf AD CS Connector (IIS) to Use an Alternate Server Certificate

The AD CS Connector creates secure server and client certificates when installed. However, if your organization prefers to use certificates created by an internal CA or a third-party CA, you can configure the AD CS Connector to use alternate server and client certificates.

Requirements
  • You have the server certificate that you want to use.

  • The server certificate is in .pfx format (your PKI team usually provides it in this format).

  1. Click the Start menu, select Run, and then enter certlm.msc to open the Certificate Manager tool.

  2. Right-click the Web-Hosting folder, and then click All Tasks > Import.

  3. Follow the wizard's instructions to import the certificate.
  4. Open Internet Information Services (IIS) Manager.
  5. In the Connections sidebar, open the Sites folder, click on the Jamf AD CS Connector site (by default called "AdcsProxy"), and click Bindings in the Actions sidebar.

  6. In the Site Bindings dialog, select https, and click Edit.
  7. Choose the desired certificate from the SSL certificate pop-up menu.

  8. Click OK.

Note:
  • If your identity has root or intermediate certificates in its trust chain that were not included in the .pfx file you added to the Windows certificates store, you must also add them.

  • Replace your IIS server certificate prior to expiration. If you do not, Jamf Pro may no longer be able to negotiate TLS connections after the expiration date has passed. The steps are the same as the initial installation steps.
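
A read-only check to run in an elevated PowerShell session on the connector host after completing the steps, covering both notes above (trust chain completeness and expiration). This is an added example, not part of Jamf's documentation; it assumes the default site name "AdcsProxy", and the 30-day warning threshold is an arbitrary value to adjust.

```powershell
# Added example: inspect the certificate currently bound to the connector's https binding.
Import-Module WebAdministration

$SiteName = 'AdcsProxy'   # default site name from step 5; change it if the site was renamed
$WarnDays = 30            # assumption: how many days before expiry to start warning

# Read the https binding that was edited in the Site Bindings dialog.
$binding = Get-WebBinding -Name $SiteName -Protocol 'https' | Select-Object -First 1
if (-not $binding) { throw "No https binding found on site '$SiteName'." }

# The binding records the store name and thumbprint of the selected certificate.
$store = $binding.certificateStoreName
$thumb = $binding.certificateHash
$cert  = Get-Item -Path "Cert:\LocalMachine\$store\$thumb" -ErrorAction Stop
Write-Output "Bound certificate: $($cert.Subject) [$thumb] in store '$store'"

# IIS cannot serve TLS with a certificate whose private key was not imported.
if (-not $cert.HasPrivateKey) {
    Write-Warning 'The bound certificate has no private key on this host.'
}

# Build the chain in machine context, which is the store context IIS uses.
# Revocation checking is turned off so the result reflects only chain
# completeness and trust, not CRL or OCSP reachability.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($cert)

foreach ($element in $chain.ChainElements) {
    Write-Output ("  chain: {0} (expires {1:yyyy-MM-dd})" -f `
        $element.Certificate.Subject, $element.Certificate.NotAfter)
}
if (-not $chainOk) {
    # PartialChain or UntrustedRoot here means a root or intermediate certificate
    # still has to be added to the Windows certificate store.
    foreach ($status in $chain.ChainStatus) {
        Write-Warning ("Chain problem: {0} {1}" -f $status.Status, $status.StatusInformation.Trim())
    }
}

# Report the time left before the server certificate must be replaced.
$daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
if ($daysLeft -lt 0) {
    Write-Warning "Certificate expired $(-$daysLeft) day(s) ago."
} elseif ($daysLeft -le $WarnDays) {
    Write-Warning "Certificate expires in $daysLeft day(s); schedule the replacement."
} else {
    Write-Output "Certificate is valid for another $daysLeft day(s)."
}
```

The script changes nothing on the host, so it can also be scheduled to flag an approaching expiration before Jamf Pro loses the ability to negotiate TLS with the connector.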