Integrating with Active Directory Certificate Services
You can configure the PKI Certificates settings in Jamf Pro to use Active Directory Certificate Services (AD CS) as a PKI Provider.
- AD CS Integration—These settings define the location of the CA server for Jamf Pro.
- Jamf AD CS Connection—These settings enable Jamf Pro to securely communicate with AD CS via the Jamf AD CS Connector.
Note: The Jamf AD CS Connector is a service provided by Jamf Pro that must be installed prior to configuring the Jamf AD CS Connection settings in Jamf Pro. For more information, see Installing the Jamf AD CS Connector.
After you add AD CS as a PKI Provider in Jamf Pro, you can use the PKI Certificates settings in Jamf Pro to view and edit information about the CA.
In addition, you can use the PKI Certificates settings to view information about the active, expired, or inactive AD CS certificates that have been distributed to devices via configuration profiles.
Adding AD CS as a PKI Provider in Jamf Pro
Adding AD CS as a PKI Provider in Jamf Pro requires you to configure the AD CS Integration settings and the Jamf AD CS Connection settings.
Install the Jamf AD CS Connector.
For more information, see Installing the Jamf AD CS Connector.
You need the Jamf AD CS Connector certificates that are generated when you install the Jamf AD CS Connector.
- In Jamf Pro, click Settings in the top-right corner of the page.
- In the Global Management section, click PKI Certificates.
- Click the Certificate Authority tab, and then click Configure New Certificate Authority.
- Select Active Directory Certificate Services (AD CS) and click Next.
- Configure the AD CS Integration settings by doing the following:
  - Enter the fully qualified domain name of the server that hosts AD CS in the Fully Qualified Domain Name field.
  - Enter the name of the certificate authority in the CA Name field.
- Configure the Jamf AD CS Connector settings by doing the following:
- Click Save.
- Click Done.
AD CS is listed as a CA on the Certificate Authorities pane.
When integration with AD CS is complete, you can use Jamf Pro to distribute certificates to devices using configuration profiles with AD CS as the CA. For more information, see Distributing a Certificate Using a Configuration Profile.
In addition, if your environment uses in-house apps that have been developed with the Jamf Certificate SDK, you can use Jamf Pro to distribute them. For more information, see Distributing an In-House App Developed with the Jamf Certificate SDK.
Viewing and Editing CA Information
After you add AD CS as a PKI Provider in Jamf Pro, you can use the PKI Certificates settings to view and edit information about the CA. For example, you may need to upload a new certificate after the current one expires.
To view CA information, log in to Jamf Pro and navigate to . Then click View for the AD CS certificate in the Manage CA column on the Certificate Authorities pane. Click Edit to make changes as needed.
Viewing AD CS Certificates
You can view the following information for a certificate issued by AD CS:
- Certificate subject name
- Certificate serial number
- Device name associated with certificate
- Username associated with certificate
- CA Configuration name
- Date/time issued
- Expiration date/time
- Status
To view information for AD CS certificates, log in to Jamf Pro and navigate to . To view a list of Expiring, Active, Inactive or All certificates, click the number displayed in the corresponding column on the Certificate Authorities pane.