Distributing a Certificate Using a Configuration Profile

After communication between Jamf Pro and Active Directory Certificate Services (AD CS) has been established, you can use Jamf Pro to distribute certificates with AD CS as the certificate authority (CA) to computers and mobile devices in your environment using configuration profiles.

Certificates are not deployed immediately. The configuration profile is queued to obtain a certificate. Once the Certificate payload and configuration profile are complete, the configuration profile will be deployed to the device. The timeframe for certificate deployment may vary depending on server load.

Note:

Jamf Pro automatically redistributes the certificate via a configuration profile 10 days before the certificate expires. If the 10-day default setting does not meet your needs, contact Jamf Support.

Requirements

You must add a PKI Provider to Jamf Pro to use as the CA for certificates. For more information see the following:

  1. In to Jamf Pro, do one of the following:
    1. To create a computer configuration profile, click Computers at the top of the page, and then click Configuration Profiles.
    2. To create a mobile device configuration profile, click Devices at the top of the page, and then click Configuration Profiles.
  2. Click New .
  3. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.

    Only payloads and settings that apply to the selected level are displayed for the profile.

  4. Select the Certificate payload and click Configure.
  5. Enter a display name and then choose an AD CS instance from the Select Certificate Option pop-up menu.
  6. Use the settings on the pane to specify information about the CA.
    Note:

    Ensure that you enter the template name and not the template display name.

  7. Click Save .