Overview
You can integrate instances of Jamf Pro 10.23.0 or later with the Venafi Trust Protection Platform (TPP) to manage certificates. Venafi is a service provider that offers a single interface to many certificate authorities, through which certificates can be requested, renewed, and revoked. Venafi operates as a certificate manager between Jamf Pro and a certificate provider, such as AD CS or DigiCert.
You can use the PKI Certificates settings in Jamf Pro to integrate with Venafi TPP. The procedure requires configuring Jamf Pro and Venafi TPP simultaneously. It is important to note that each configuration is unique to your environment, and additional steps may be necessary.
Integrating Jamf Pro with Venafi Trust Protection Platform (TPP) involves the following steps:
- Configure Venafi TPP
- Install and configure the Jamf PKI Proxy and configure Venafi Settings in Jamf Pro
- Create a configuration profile including a certificate payload in Jamf Pro
General Requirements
The following components are required:
- Jamf PKI Proxy 1.4.0
- Venafi Trust Protection Platform (TPP)
Communication
Jamf Pro uses the Jamf PKI Proxy to communicate with Venafi to obtain certificates. The following diagram illustrates how communication occurs between Jamf Pro, Venafi TPP, and devices that are enrolled in Jamf Pro.
Jamf Pro communicates with the Jamf PKI Proxy using mutual TLS (mTLS) over TLS 1.2 through 1.3.