General Requirements

Technical Paper: Integrating with Venafi Using Jamf Pro

  • Familiarity with the following Jamf Pro-related concepts:
    • Public key infrastructure (PKI)

    • Computer and mobile device configuration profiles

  • Jamf Pro 10.40.0 or later

  • Jamf PKI Proxy 1.4.0 or later

  • Venafi Trust Protection Platform (TPP)

  • Configured access to Venafi TPP, including the required Venafi TPP credentials. These credentials must have the ability to manage certificates via the Venafi API.

  • A policy configured for issuing certificates.

Note:

When using service-generated CSRs, the private key is generated and stored in Venafi TPP and then sent to the computer or mobile device. This provides the ability to decrypt data that was encrypted with the public key. In addition, when using service-generated CSRs, some of the configuration profile payload settings may not be applicable based on the Venafi TPP policy setup.

The only requirement for a policy in Venafi TPP is that a CA template be configured on the policy. The configuration profile payload will supply the Common Name and Friendly Name.

Important:

To issue and revoke certificates with a Venafi TPP integration, the Venafi TPP user configured on the Venafi TPP CA will need the following permissions in Venafi TPP: View, Read, Write, Create, Revoke, Private Key Read. The Venafi TPP user must also have Allow WebSDK Access enabled in Venafi TPP.