- (Optional) Create a C:\temp\jamf directory in which to temporarily store downloads, tools, and scripts for Jamf Pro by executing:
mkdir C:\temp\jamf
- Copy the ROOT.war file from the Jamf Pro manual download archive to the C:\temp\jamf directory that you just created.
- Open Command Prompt.
- Stop Tomcat by executing:
net stop Tomcat10
- Rename the ROOT web app directory to something like TOMCAT in Windows Explorer or at the Command Prompt by executing a command similar to the following:
move "C:\Program Files\Apache Software Foundation\Tomcat 10.1\webapps\ROOT" "C:\Program Files\Apache Software Foundation\Tomcat 10.1\webapps\TOMCAT"
- Copy the Jamf Pro ROOT.war web app to the Tomcat webapps directory in Explorer or at the Command Prompt by executing a command similar to the following:
copy C:\temp\jamf\ROOT.war "C:\Program Files\Apache Software Foundation\Tomcat 10.1\webapps\"
- Generate a keystore to enable SSL for Tomcat by executing a command similar to the following:
"C:\Program Files\Amazon Corretto\jdk11.0.3_7\bin\keytool.exe" -genkey -alias tomcat -keyalg RSA -keypass "changeit" -storepass "changeit" -dname "CN=jamf.mycompany.com, OU=Jamf IT, O=Jamf, L=Minneapolis, ST=MN, C=US" -keystore "C:\Program Files\Apache Software Foundation\Tomcat 10.1\keystore" -validity <numdays>
Make sure to change the following attributes as appropriate to your site:

| Attribute | Value | Example |
|---|---|---|
| CN= | Fully qualified domain name of the server | jamf.mycompany.com |
| OU= | Organizational unit | Jamf IT |
| O= | Organization | Jamf |
| L= | Location (city or office) | Minneapolis |
| ST= | State, province, or county | MN |
| C= | Country or region | US |

- Back up the Tomcat server.xml configuration file by executing a command similar to the following:
copy "C:\Program Files\Apache Software Foundation\Tomcat 10.1\conf\server.xml" "C:\Program Files\Apache Software Foundation\Tomcat 10.1\conf\server.xml.bak"
- Open the server.xml configuration file.
Note: You can do this with WordPad, as long as the file is saved as a plain text document named server.xml.
- Locate the following comment section in the file (note that this is the Connector on port 8443 section, not the Connector on port 8443 with HTTP/2 section):
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation. ...
-->
- Replace the commented-out Connector tag (wrapped in an initial <!-- and a trailing -->) immediately following the comment (shown in "a" below) with the Connector tag text shown in "b" below:
a.
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 ...
-->
<!--
<Connector port="8443" ...
           ... />
-->
b.
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<Connector URIEncoding="UTF-8" server="Apache Tomcat" port="8443"
           executor="tomcatThreadPool" SSLEnabled="true" maxPostSize="-1"
           scheme="https"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           secure="true">
  <SSLHostConfig sslProtocol="TLS" protocols="TLSv1.2" honorCipherOrder="true"
                 certificateVerification="none"
                 ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                          TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                          TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
                          TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
                          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
                          TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
                          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
                          TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
                          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
                          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
                          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA">
    <Certificate type="RSA"
                 certificateKeystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 10.1\keystore"
                 certificateKeystorePassword="changeit" />
  </SSLHostConfig>
</Connector>
- Go back to Command Prompt, and add a rule to the firewall configuration to allow access to port 8443 by executing:
netsh advfirewall firewall add rule name=Jamf_Secure dir=in action=allow protocol=TCP localport=8443
- Open the log4j2.xml file and change all of the log file paths from the following:
fileName="/Library/JSS/Logs/[filename].log" filePattern="/Library/JSS/Logs/[filename].log.%i">
to:
fileName="C:\Program Files\JSS\logs\[filename].log" filePattern="C:\Program Files\JSS\logs\[filename].log.%i">
- Start Tomcat by executing the following command:
net start Tomcat10
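
A way to review the server.xml edit from the Connector step above, as an added example that is not part of the original procedure: it reports a Connector that is still commented out, the Java default keystore password `changeit`, static-ECDH suites (no forward secrecy) and CBC-mode suites. The function name `audit_connector`, the finding labels and the shortened sample document are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the step above with a shortened cipher list.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11Nio2Protocol">
    <SSLHostConfig protocols="TLSv1.2" honorCipherOrder="true"
        ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
                 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA">
      <Certificate type="RSA" certificateKeystorePassword="changeit"
          certificateKeystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 10.1\keystore" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Protocol tokens that enable anything older than TLS 1.2.
LEGACY_PROTOCOLS = {"all", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_connector(server_xml, port="8443"):
    """Return sorted finding strings for the TLS Connector on `port`."""
    conn = ET.fromstring(server_xml).find(f".//Connector[@port='{port}']")
    if conn is None:
        # The parser skips XML comments, so a still-commented tag ends up here.
        return [f"connector-missing: no active Connector on port {port}"]
    findings = set()
    if conn.get("SSLEnabled", "").lower() != "true":
        findings.add("tls-disabled: SSLEnabled is not true")
    for host in conn.findall("SSLHostConfig"):
        # Tokens may carry a +/- prefix; a leading "-" removes the protocol.
        for tok in re.findall(r"[+-]?[\w.]+", host.get("protocols", "")):
            if not tok.startswith("-") and tok.lstrip("+") in LEGACY_PROTOCOLS:
                findings.add(f"legacy-protocol: {tok.lstrip('+')}")
        for suite in (c.strip() for c in host.get("ciphers", "").split(",")):
            if suite.startswith("TLS_ECDH_"):  # static ECDH, not ECDHE
                findings.add(f"no-forward-secrecy: {suite}")
            if "_CBC_" in suite:  # non-AEAD cipher mode
                findings.add(f"cbc-mode: {suite}")
        for cert in host.findall("Certificate"):
            if cert.get("certificateKeystorePassword") == "changeit":
                findings.add("default-password: keystore password is 'changeit'")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_connector(SAMPLE_SERVER_XML):
        print(finding)
```

To check a real installation, pass the text of the saved server.xml to `audit_connector` in place of the sample.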