This article explains setting up a Cloudpath Enrollment System SCEP integration with JAMF for Apple device management.
Table of Contents
NOTE: JAMF User and user group mapping has not been covered in this module.
Create a SCEP Key
In the Cloudpath admin user interface, go to Certificate Authority>>> Manage Templates, then select the Certificate Template that will be used to issue the user/device certificates to the JAMF managed devices. Click on the “Manage” icon for the certificate template.
Select the SCEP Keys tab and under SCEP Keys , click on the “Add SCEP Key” button.
In the “Create SCEP Key” page, set a display name and description for the SCEP key. Set an expiration date if required. Select “Require Challenge Password” and enter password. Leave the Configuration Information section at the default settings. Click Save.
Back in the SCEP Keys tab of the certificate template, click on the “Show” icon under SCEP Enroll URL column.
This will reveal the full SCEP Key URL. Copy the full SCEP Enroll URL to a text editor (Notepad) for later use.
Root CA and Intermediate CA Export
The Root CA will be used in a later step to create a Trusted Certificate profile in JAMF.
To export the CA certificate, go to Certificate Authority>>>Manage CAs. Expand the Root section.
In the Public Key section, click on the “Download PEM” button. This will download a Base64 encoded DER file.
Perform the same steps for the Intermediate CA certificate
Get OCSP hash from Intermediate CA, it will be used in JAMF config later.
Login into JAMF select Configuration Profiles>>>>New
Name: Name the profile and Save.
Under New configuration profiles
URL: SCEP url copied earlier from Cloudpath SCEP profile created earlier.
Subject: CN=$DEVICENAME for IOS
Subject: CN=$COMPUTERNAME for OSX
Challenge and Verify Challenge: From Cloudpath SCEP Profile
Retry Delay: 3
Key Size: 2048
Fingerprint: OCSP Hash from Cloudpath Intermediate CA
Select Certificate>>>Configure Certificate
Import Root CA
Upload Root cert downloaded earlier from Cloudpath.
Click on + to add more cert.
Import Intermediate CA
Upload Intermediate cert downloaded earlier from Cloudpath.
Network >>>Configure Network>>>Configure
Service Set Identifier(SSID😞 Name of the SSID
Security Type: WPA2 Enterprise
Accepted EAP Types: TLS
Select TRUST tab as shown in this screenshot.
Identity Certificate: Select SCEP profile created earlier.
Trusted Certificates: Select Root CA and Intermediate CA.
Currently we do not see the option for the trusted certificates box on our jamf pro upon doing the instructions on the last image. We are currently using Jamf Pro version 10.42.1-t1667311080. Will this affect the expected output?