How To Create JAMF Pro CA

Prerequisites

  1. Registering the application in your tenant
  2. Create EZCA Resource In Azure or Select Plan in EZCA
  3. Create Your SCEP CA

How To Configure JAMF Pro SCEP Certificate Authority - Video Version

  1. Once you have Created your Cloud SCEP CA, and downloaded your CA certificate, you will need to upload it to your JAMF Pro server.
  2. Log in to your JAMF Pro instance.
  3. Click on the Computer Icon and select “Configuration Profiles”. JAMF Pro Configuration Profiles for cloud Certificate Authority and SCEP
  4. Click on the “+ New” to add a new profile.
  5. Enter a name for the profile. Make sure that the level is set to “Computer”. JAMF Pro Configuration Profiles for cloud Certificate Authority and SCEP

How to Add Trusted Certificate in JAMF Pro

  1. First we will add the CA certificate to the profile. Click on the “Certificates” menu on the left. How to Add Trusted Certificate in JAMF Pro
  2. Click on “Configure” to add a new certificate.
  3. Enter a name for the certificate.
  4. Click on “Upload” to upload the CA certificate you downloaded from EZCA.
  5. Leave the password field blank.
  6. Click “Save”. How to Add Trusted Certificate in JAMF Pro

How to Add SCEP Profile in JAMF Pro

  1. Next, we will add the SCEP profile. Click on the “General” menu on the left.
  2. Select “SCEP” from the list of profiles on the left.
  3. Click on “Configure” to add a new SCEP profile.
  4. Now we have to get your SCEP URL. In another tab, navigate to your EZCA portal, click on “Certificate Authorities”, and select your SCEP CA. How to Add SCEP Profile in JAMF Pro
  5. Copy the Static Challenge SCEP URL. How to Add SCEP Profile in JAMF Pro
  6. Paste the URL into the “URL” field in JAMF Pro.
  7. Name the CA in the “Name” field. How to Add SCEP Profile in JAMF Pro
  8. The Set how many days before the certificate expires JAMF Pro should renew the certificate (we recommend 30-60 days before).
  9. Then we have to build how the certificate will be built you can see the full list of Jamf supported dynamic values here.
  10. Use those variables and any static values you want to build the certificate. How to Add SCEP Profile in JAMF Pro
  11. For the challenge, ensure that the challenge is set to “Static”.
  12. Now go back to the EZCA portal and copy the Static Challenge. How to Add SCEP Profile in JAMF Pro
  13. Paste the challenge into the “Challenge” field in JAMF Pro. This is the password JAMF Pro will use to authenticate with the SCEP server. How to Add Static SCEP Profile in JAMF Pro
  14. Enter the number of retries JAMF Pro should attempt if the SCEP server is unavailable.
  15. Enter the number of seconds JAMF Pro should wait between retries.
  16. Select the key size your certificate should be (4096 is recommended).
  17. Select how you want the key to be used (usually “Digital Signature, Key Encipherment”).
  18. Select wether the certificate should be accessible through other apps and if it should be exportable.
  19. Use the “Upload Certificate” button to upload the CA certificate you uploaded earlier. How to Add a SCEP Certificate Authority to JAMF Pro
  20. Click “Save”.
  21. Now that we have the trusted certificate and the SCEP profile, we want to scope the profile to the devices we want to receive the certificate.
  22. Click on the “Scope” tab.
  23. Select the devices you want to receive the certificate.
  24. Click “Save”. How to Add SCEP Profile in JAMF Pro
  25. After a few minutes, the devices you scoped the profile to will receive the certificate. In the image below, you can see the trusted CA in red and the SCEP profile in green. How to view issued certificate in JAMF Pro
  26. You can now use the certificate to secure your devices.