01-25-2023 03:43 PM - edited 04-27-2023 03:18 PM
This article explains setting up a Cloudpath Enrollment System SCEP integration with JAMF for Apple device management.
NOTE: JAMF User and user group mapping has not been covered in this module.
Cloudpath Configuration
Create a SCEP Key
In the Cloudpath admin user interface, go to Certificate Authority>>> Manage Templates, then select the Certificate Template that will be used to issue the user/device certificates to the JAMF managed devices. Click on the “Manage” icon for the certificate template.
Select the SCEP Keys tab and, under SCEP Keys, click on the “Add SCEP Key” button.
In the “Create SCEP Key” page, set a display name and description for the SCEP key. Set an expiration date if required. Select “Require Challenge Password” and enter a password. Leave the Configuration Information section at the default settings. Click Save.
Back in the SCEP Keys tab of the certificate template, click on the “Show” icon under SCEP Enroll URL column.
This will reveal the full SCEP Key URL. Copy the full SCEP Enroll URL to a text editor (Notepad) for later use.
Root CA and Intermediate CA Export
The Root CA will be used in a later step to create a Trusted Certificate profile in JAMF.
To export the CA certificate, go to Certificate Authority>>>Manage CAs. Expand the Root section.
In the Public Key section, click on the “Download PEM” button. This will download a Base64 encoded DER file.
Perform the same steps for the Intermediate CA certificate.
Get the OCSP hash from the Intermediate CA; it will be used in the JAMF config later.
JAMF Configuration
CONFIGURATION PROFILES
Log in to JAMF and select Configuration Profiles>>>>New
Name: Name the profile and Save.
Under New configuration profiles
SCEP SETTING
SCEP>>>Configure SCEP.
URL: SCEP URL copied earlier from the Cloudpath SCEP profile.
Subject: CN=$DEVICENAME for IOS
Subject: CN=$COMPUTERNAME for OSX
Challenge and Verify Challenge: From Cloudpath SCEP Profile
Retries: 2
Retry Delay: 3
Key Size: 2048
Fingerprint: OCSP Hash from Cloudpath Intermediate CA
CERTIFICATE SETTING
Select Certificate>>>Configure Certificate
Import Root CA
Upload Root cert downloaded earlier from Cloudpath.
Click on + to add more cert.
Import Intermediate CA
Upload Intermediate cert downloaded earlier from Cloudpath.
NETWORK SETTING
Network >>>Configure Network>>>Configure
Service Set Identifier (SSID): Name of the SSID
Security Type: WPA2 Enterprise
Accepted EAP Types: TLS
Select TRUST tab as shown in this screenshot.
Identity Certificate: Select SCEP profile created earlier.
Trusted Certificates: Select Root CA and Intermediate CA.
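Added example (not part of the original article, and not JAMF or Cloudpath code): a Python check that an exported, unsigned configuration profile carries the SCEP and Network settings listed above. It assumes Apple's configuration-profile payload keys for `com.apple.security.scep` and `com.apple.wifi.managed`; `audit_profile` and `sample_profile` are hypothetical names, and the sample profile is constructed with placeholder values.

```python
import plistlib
SCEP, WIFI = "com.apple.security.scep", "com.apple.wifi.managed"
CERT_TYPES = ("com.apple.security.root", "com.apple.security.pkcs1")
EXPECTED = {"Retries": 2, "RetryDelay": 3, "Keysize": 2048}  # values set in the article

def audit_profile(raw: bytes) -> list:
    """Return findings for an unsigned .mobileconfig supplied as plist bytes."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    uuids = {}  # payload type -> set of PayloadUUIDs of that type
    for p in payloads:
        uuids.setdefault(p.get("PayloadType"), set()).add(p.get("PayloadUUID"))
    certs = set().union(*(uuids.get(t, set()) for t in CERT_TYPES))
    findings = [f"profile has no {t} payload" for t in (SCEP, WIFI) if t not in uuids]
    for p in payloads:
        if p.get("PayloadType") == SCEP:
            c = p.get("PayloadContent", {})
            for key in ("URL", "Challenge", "CAFingerprint"):
                if not c.get(key):
                    findings.append(f"SCEP: {key} is missing or empty")
            for key, want in EXPECTED.items():
                if c.get(key) != want:
                    findings.append(f"SCEP: {key}={c.get(key)!r}, expected {want}")
        elif p.get("PayloadType") == WIFI:
            eap = p.get("EAPClientConfiguration", {})
            anchors = set(eap.get("PayloadCertificateAnchorUUID", []))
            if p.get("EncryptionType") != "WPA2":
                findings.append("Wi-Fi: EncryptionType is not WPA2")
            if eap.get("AcceptEAPTypes") != [13]:  # 13 is the EAP type number for TLS
                findings.append("Wi-Fi: accepted EAP types are not TLS only")
            if p.get("PayloadCertificateUUID") not in uuids.get(SCEP, set()):
                findings.append("Wi-Fi: identity certificate is not the SCEP payload")
            if not anchors or not anchors <= certs:
                findings.append("Wi-Fi: trusted certificates do not resolve to CA payloads")
    return findings

def sample_profile(**scep_overrides) -> bytes:
    """Constructed sample profile; every value in it is a placeholder."""
    scep = {"URL": "https://cloudpath.example/scep-placeholder", "Challenge": "placeholder",
            "Subject": [[["CN", "$COMPUTERNAME"]]], "Retries": 2, "RetryDelay": 3,
            "Keysize": 2048, "CAFingerprint": b"\x00" * 20}
    scep.update(scep_overrides)
    eap = {"AcceptEAPTypes": [13], "PayloadCertificateAnchorUUID": ["ROOT", "INT"]}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": SCEP, "PayloadUUID": "SCEP", "PayloadContent": scep},
        {"PayloadType": CERT_TYPES[0], "PayloadUUID": "ROOT"},
        {"PayloadType": CERT_TYPES[1], "PayloadUUID": "INT"},
        {"PayloadType": WIFI, "PayloadUUID": "WIFI", "SSID_STR": "placeholder-ssid",
         "EncryptionType": "WPA2", "PayloadCertificateUUID": "SCEP",
         "EAPClientConfiguration": eap}]})
```

An empty list from `audit_profile` means the profile matches the settings in this article; a signed profile has to be unwrapped to its plist before it is passed in.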
02-27-2023 02:54 PM
Hi Vijay,
I did some trial and error and this is what I'm getting:
CN=$USERNAME -> $NAME
CN=$MACADDRESS -> actual mac add
CN=$SERIALNUMBER -> actual serial
CN=$HOSTNAME -> $HOSTNAME
03-04-2023 06:31 PM
Hi Vijay,
I have done a trial and error regarding the subject and here is what I have got so far:
Config Output
CN=$DEVICENAME -> "$DEVICENAME"
CN=$USERNAME -> SCEP certificate installation failing
CN=$EMAILADDRESS. -> "ADDRESS"
CN=$SERIALNUMBER. -> Actual serial number
03-06-2023 08:23 AM
Hi @froi_borja_ama,
The 2 environment variables for username are $USERNAME and ${ROLLUP_USERNAME}.
Test using ${ROLLUP_USERNAME}.
04-27-2023 03:21 PM - edited 04-27-2023 03:23 PM
Hi @froi_borja_ama,
Did you try with $USER for OSX?
Detailed list of variables can be found here for JAMF.
https://docs.jamf.com/10.41.0/jamf-pro/documentation/Computer_Configuration_Profiles.html