Requirements

Ensure the requirements for distributing configuration profiles are met by reviewing the requirements in the following sections of the Jamf Pro Administrator's Guide:

• Computer Configuration Profiles

• Mobile Device Configuration Profiles

1. Log in to Jamf Pro.

2. Create a new computer or mobile device configuration profile.

3. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.

4. Select the Certificate payload and click Configure.

5. In the Select Certificate Option pop-up menu, select your Venafi CA.

6. Enter the subject name.

   Note: You only need to enter the common name (CN) if all of the other subject attributes will be provided by the Venafi TPP.

7. Enter other certificate attributes, include UPNs, email addresses, and DNS names. The settings will vary depending on your policy.

8. The Key Type, Key Length, and Signature Hash values on the configuration profile may be overridden by the CA Template that is set on the Policy in Venafi TPP.

   Note: If the Key Type, Key Length, and Signature Hash values are locked on the Policy in Venafi TPP, and the values in the configuration profile do not match the Policy, the certificate will fail to be issued.

9. (Optional) Provide a CA Distinguished Name that will correspond to a CA Template in Venafi TPP.

   Note: If the CA Distinguished Name and the Zone are set in Jamf Pro and the CA Distinguished Name is different than the CA Template specified on the Policy in Venafi TPP, the CA Distinguished Name will override the CA Template used for issuing certificates.

10. Provide the Zone that will be the path to the Policy in Venafi TPP for issuing certificates, similar to the following:

    \VED\Policy\<PATH>\<TO>\<POLICY>

    Note: \VED should be the root of the path.

11. Click the Scope tab and configure the scope of the profile.

12. Click Save.