Cloudpath Enrollment System SCEP integration with JAMF

vijaykuniyal
RUCKUS Team Member

This article explains setting up a Cloudpath Enrollment System SCEP integration with JAMF for Apple device management.

Table of Contents

  • Cloudpath Configuration
  • JAMF Configuration
    • CONFIGURATION PROFILE
    • SCEP SETTING
    • CERTIFICATE SETTING
    • NETWORK SETTING

NOTE: JAMF User and user group mapping has not been covered in this module.

Cloudpath Configuration

Create a SCEP Key

In the Cloudpath admin user interface, go to Certificate Authority >>> Manage Templates, then select the Certificate Template that will be used to issue the user/device certificates to the JAMF-managed devices. Click the “Manage” icon for the certificate template.

Select the SCEP Keys tab and, under SCEP Keys, click the “Add SCEP Key” button.

On the “Create SCEP Key” page, set a display name and description for the SCEP key. Set an expiration date if required. Select “Require Challenge Password” and enter a password. Leave the Configuration Information section at the default settings. Click Save.

Back in the SCEP Keys tab of the certificate template, click the “Show” icon under the SCEP Enroll URL column.

This will reveal the full SCEP Key URL. Copy the full SCEP Enroll URL to a text editor (Notepad) for later use.

Root CA and Intermediate CA Export

The Root CA will be used in a later step to create a Trusted Certificate profile in JAMF.
To export the CA certificate, go to Certificate Authority>>>Manage CAs. Expand the Root section.

In the Public Key section, click the “Download PEM” button. This downloads the certificate as a PEM file (Base64-encoded DER).

Perform the same steps for the Intermediate CA certificate.

Get the OCSP hash from the Intermediate CA; it will be used in the JAMF configuration later.

JAMF Configuration

CONFIGURATION PROFILES
Log in to JAMF and select Configuration Profiles >>> New.

Name: Name the profile and Save.

Under New configuration profiles

SCEP SETTING
SCEP>>>Configure SCEP.

URL: The SCEP URL copied from the Cloudpath SCEP profile created earlier.
Subject: CN=$DEVICENAME for iOS
Subject: CN=$COMPUTERNAME for OS X

Challenge and Verify Challenge: From Cloudpath SCEP Profile
Retries: 2
Retry Delay: 3

Key Size: 2048
Fingerprint: OCSP Hash from Cloudpath Intermediate CA

CERTIFICATE SETTING
Select Certificate >>> Configure Certificate

Import Root CA

Upload the Root CA certificate downloaded earlier from Cloudpath.

Click + to add another certificate.

Import Intermediate CA

Upload the Intermediate CA certificate downloaded earlier from Cloudpath.

NETWORK SETTING
Network >>>Configure Network>>>Configure

Service Set Identifier (SSID): Name of the SSID

Security Type: WPA2 Enterprise
Accepted EAP Types: TLS

Select the TRUST tab.

Identity Certificate: Select the SCEP profile created earlier.
Trusted Certificates: Select the Root CA and the Intermediate CA.

Vijay Kuniyal

Staff Technical Support Engineer

CCNA RnS | CCNA Wireless | CWNA | RASZA | Meraki CMNO | RACPA
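
To check the result of the steps above, the following added example (not part of the original article, and not RUCKUS or Jamf code) audits an unsigned .mobileconfig for the article's SCEP, certificate, and Wi-Fi settings. It assumes Apple's standard configuration profile payload keys; the sample profile, its UUIDs, URL, and fingerprint bytes are constructed placeholders.

```python
import plistlib

EAP_TLS = 13  # EAP method number for EAP-TLS in the Wi-Fi payload's AcceptEAPTypes
CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1", "com.apple.security.pem"}

def audit_profile(raw: bytes) -> list:
    """Return findings where a .mobileconfig deviates from the settings in this article."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    scep = [p for p in payloads if p.get("PayloadType") == "com.apple.security.scep"]
    wifi = [p for p in payloads if p.get("PayloadType") == "com.apple.wifi.managed"]
    if not scep or not wifi:
        return ["profile needs both a SCEP payload and a Wi-Fi payload"]
    findings, s = [], scep[0].get("PayloadContent", {})
    if not s.get("Challenge"):
        findings.append("SCEP: challenge password missing")
    if s.get("Keysize", 0) < 2048:
        findings.append("SCEP: key size below 2048")
    if not s.get("CAFingerprint"):
        findings.append("SCEP: CA fingerprint not set")
    # UUIDs of the certificate payloads (Root CA and Intermediate CA uploads)
    cert_ids = {p.get("PayloadUUID") for p in payloads if p.get("PayloadType") in CERT_TYPES}
    for w in wifi:
        eap = w.get("EAPClientConfiguration", {})
        if eap.get("AcceptEAPTypes") != [EAP_TLS]:
            findings.append("Wi-Fi: accepted EAP types are not TLS only")
        if w.get("PayloadCertificateUUID") != scep[0].get("PayloadUUID"):
            findings.append("Wi-Fi: identity certificate is not the SCEP payload")
        if len(set(eap.get("PayloadCertificateAnchorUUID", [])) & cert_ids) < 2:
            findings.append("Wi-Fi: Root CA and Intermediate CA are not both trusted")
    return findings

def sample_profile(anchors=("ROOT-UUID", "INT-UUID"), challenge="constructed-secret") -> bytes:
    """Constructed profile mirroring the article's values; every identifier is a placeholder."""
    scep = {"PayloadType": "com.apple.security.scep", "PayloadUUID": "SCEP-UUID",
            "PayloadContent": {"URL": "https://cloudpath.example.test/scep-url-placeholder",
                               "Subject": [[["CN", "$DEVICENAME"]]], "Challenge": challenge,
                               "Keysize": 2048, "Retries": 2, "RetryDelay": 3,
                               "CAFingerprint": bytes(20)}}  # placeholder fingerprint bytes
    certs = [{"PayloadType": "com.apple.security.root", "PayloadUUID": "ROOT-UUID"},
             {"PayloadType": "com.apple.security.pkcs1", "PayloadUUID": "INT-UUID"}]
    wifi = {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "Name of the SSID",
            "PayloadCertificateUUID": "SCEP-UUID",
            "EAPClientConfiguration": {"AcceptEAPTypes": [EAP_TLS],
                                       "PayloadCertificateAnchorUUID": list(anchors)}}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [scep, *certs, wifi]})

if __name__ == "__main__":
    print(audit_profile(sample_profile()))                        # complete profile
    print(audit_profile(sample_profile(anchors=("ROOT-UUID",))))  # intermediate not trusted
```

A profile downloaded in signed form has to be unwrapped to its plain plist before `audit_profile` can parse it.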
8 REPLIES

froi_borja_ama
New Contributor II

Hi Vijay,

Currently we do not see the option for the trusted certificates box on our Jamf Pro upon doing the instructions on the last image. We are currently using Jamf Pro version 10.42.1-t1667311080. Will this affect the expected output?

Hi @froi_borja_ama,

I have added 1 more screenshot before the last image, hope that will help.

Vijay Kuniyal

Hi Vijay

For the CN, can we use another format that gets the username instead of the text $DEVICENAME? Please see screenshot below for reference.

vijaykuniyal
RUCKUS Team Member

Hi @froi_borja_ama,

I have not tested with username, but for cert assignment with username, I assume changing this setting in JAMF to CN=$USERNAME should work.

Let me know if it works.

Vijay Kuniyal