Integrate with Active Directory Certificate Services
You can configure the PKI Certificates settings in Jamf Pro to use Active Directory Certificate Services (AD CS) as a PKI Provider.
Adding AD CS as a PKI Provider in Jamf Pro requires you to configure the following settings:
- AD CS Integration—These settings define the location of the CA server for Jamf Pro.
- Jamf AD CS Connection—These settings enable Jamf Pro to securely communicate with AD CS via the Jamf AD CS Connector.
Note: The Jamf AD CS Connector is a service provided by Jamf Pro that must be installed prior to configuring the Jamf AD CS Connection settings in Jamf Pro. For more information, see Install the Jamf AD CS Connector.
After you add AD CS as a PKI Provider in Jamf Pro, you can use the PKI Certificates settings in Jamf Pro to view and edit information about the CA.
In addition, you can use the PKI Certificates settings to view information about the active, expired, or inactive AD CS certificates that have been distributed to devices via configuration profiles.
Requirements
To integrate with AD CS, you must install the Jamf AD CS Connector. For more information, see Install the Jamf AD CS Connector.
In addition, you need the Jamf AD CS Connector certificates that are generated when you install the Jamf AD CS Connector. For more information, see "Jamf AD CS Connector Certificates" in Install the Jamf AD CS Connector.
Adding AD CS as a PKI Provider in Jamf Pro
Adding AD CS as a PKI Provider in Jamf Pro requires you to configure the AD CS Integration settings and the Jamf AD CS Connection settings.
- Log in to Jamf Pro.
- In the top-right corner of the page, click Settings.
- Click Global Management.
- Click PKI Certificates.
- Click the Certificate Authority tab, and then click Configure New Certificate Authority.
- Select Active Directory Certificate Services (AD CS) and click Next.
- Configure the AD CS Integration settings:
  - Enter the fully qualified domain name of the server that hosts AD CS in the Fully Qualified Domain Name field.
  - Enter the name of the certificate authority in the CA Name field.
- Configure the Jamf AD CS Connector settings:
  - Enter the URL for the location of the Jamf AD CS Connector. If you are using an IP address, contact Jamf Support.
  - To upload the server certificate (.pem or .cer), click Upload and follow the onscreen instructions.
    This certificate is generated during the Jamf AD CS Connector installation. For more information, see "Jamf AD CS Connector Certificates" in Install the Jamf AD CS Connector.
  - To upload the client certificate (.pfx or .p12), click Upload and follow the onscreen instructions.
    This certificate is generated during the Jamf AD CS Connector installation. For more information, see "Jamf AD CS Connector Certificates" in Install the Jamf AD CS Connector.
- Click Save.
- Click Done.
AD CS is listed as a CA on the Certificate Authorities pane.
When integration with AD CS is complete, you can use Jamf Pro to distribute certificates to devices using configuration profiles with AD CS as the CA. For more information, see Distribute Certificates Using Configuration Profiles.
In addition, if your environment uses in-house apps that have been developed with the Jamf Certificate SDK, you can use Jamf Pro to distribute them. For more information, see Distribute In-House Apps Developed with the Jamf Certificate SDK.
Viewing and Editing CA Information
After you add AD CS as a PKI Provider in Jamf Pro, you can use the PKI Certificates settings to view and edit information about the CA. For example, you may need to upload a new certificate.
- Log in to Jamf Pro.
- In the top-right corner of the page, click Settings.
- Click Global Management.
- Click PKI Certificates.
- Click View for the AD CS certificate in the Managed CA column on the Certificate Authorities pane.
  The AD CS Integration settings and AD CS Connection Service settings are displayed.
- Do one of the following:
  - Click Done to return to the list of certificates.
  - Click Edit and make changes as needed. Click Save, and then click Done to return to the list of certificates.
Viewing AD CS Certificates
You can view the following information for a certificate issued by AD CS:
- Certificate subject name
- Certificate serial number
- Device name associated with certificate
- Username associated with certificate
- CA Configuration name
- Date/time issued
- Expiration date/time
- Status

- Log in to Jamf Pro.
- In the top-right corner of the page, click Settings.
- Click Global Management.
- Click PKI Certificates.
- To view a list of Expiring, Active, Inactive or All certificates, click the number displayed in the corresponding column on the Certificate Authorities pane.
  A list of certificates issued by AD CS is displayed.
- Click on the certificate subject of the certificate you want to view.
  Information about the certificate is displayed.
- Click Done to return to the list of certificates.