Home » Concepts » cybersecurity » Creating Public Certificate for Jamf Pro Server

Creating Public Certificate for Jamf Pro Server

January 5, 2023No CommentsSecurity

Using OpenSSL to Create a Certificate Keystore for Tomcat
Link: https://docs.jamf.com/technical-articles/Using_OpenSSL_to_Create_a_Certificate_Keystore_for_Tomcat.html

Step 1: Creating a Public Certificate for Your Jamf Pro Server
To create and configure a public certificate for your Jamf Pro server using OpenSSL, follow the appropriate set of instructions below.
Note: All commands in this procedure must be executed as root. On Linux, type sudo before each command. On Windows, you must execute the commands as administrator.
Creating the Certificate Using OpenSSL

Open the command prompt or Terminal.
Create a folder on your desktop named Certs and navigate to the directory using the following commands:

mkdir /path/to/Desktop/Certs
cd /path/to/Desktop/Certs

Generate a Private Key and CSR by executing a command similar to the following:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

When prompted, enter the appropriate information.
The certificate authority (CA) administrator should be able to provide the desired values for these fields. Ensure that you use a fully qualified domain name (FQDN), such as jamf.mycompany.com. Gotcha! If your servers has multiple hostnames, I have learned use the FQDN in the cert that you intend on using for access… in other words the friendlier – useable FQDN, not necessarily the stale, boring server name…

Note: These values will also be used to generate a self-signed certificate in the new private key. Using a self-signed certificate may result in the “Safari/Firefox can’t verify the identity of the website ” message unless the client machines have been advised to trust this self-signed certificate. If using a self-signed certificate, proceed to step 6.
Send the CSR you just created to a valid CA (public or internal).
You should receive a .crt, .cer, or .pem file in return. See your CA vendor’s documentation for more information.

openssl cer to p12 conversion

openssl x509 -in RETURNED_Base64combined.cer -out RETURNED_Base64combined.pem
openssl pkcs12 -export -out RETURNED_Base64combined.p12 -inkey privateKey.key
-in RETURNED_Base64combined.Pem
PROMPTED - Enter Export Password:
[Verifying - Enter Export Password:

openssl pkcs12 -export -out RETURNED_Base64combined.p12 -inkey privatekey.key
-in RETURNED_Base64combined.pem

Link:
https://docs.jamf.com/technical-articles/Enabling_SSL_on_Tomcat_with_a_Public_Certificate.html

Gotcha!Jamf Pro openssl PKI setup Signing Certificate ssl

Last updated on May 21, 2023

Ed Arnold

A Technical Project Manager and Senior Apple Macintosh (macOS), iOS and Jamf MDM Engineer with over 30 years of expertise, excelling in leading the integration, security, and management of complex networked computer systems. My skills span the design, deployment, and optimization of a wide range of technologies, including COTS, GOTS, and custom open-source solutions.

View All Posts

Comments

No comments yet. Why don’t you start the discussion?

Comments

Leave a Reply Cancel reply