For macOS endpoint installations, you might have to deploy _ca.cer and server.der certificates using Jamf.
To obtain the _ca.cer file, access the generate_root_ca tool from here. You can run this tool in the terminal to generate
the _ca.cer certificate along with the fpnpd.dat file in the installer folder.
To obtain the
server.der
certificate, you must create the self-signed certificate for the SSL identity and convert it to its binary encoded DER format. For instructions, refer to
Creating the Endpoint SSL Identity.
Note:
The agent requires a root CA to issue session certificates for the inline proxy, enabling TLS termination of web connections for Web channel (DLP or Web Security) policy
enforcement.
To avoid requiring users or administrators to manually trust the root CA on each device, use an MDM solution to deploy the certificate. When the certificate is deployed through
MDM, it is automatically trusted.
Although the agent can install the root CA certificate, it cannot automatically trust the certificate due to Apple security restrictions.
Follow the below steps to deploy the certificates using Jamf:
Steps
-
Open Jamf Pro, enter the administrator name and password, and then click Log in.
-
On the Computers tab, select Configuration Profiles.
-
Click New.
-
In General, enter the name for your configuration profile.
-
In Certificate, click Configure in Configure Certificate.
-
In the Certificate pane, enter the certificate name.
-
In Select Certificate Option, select Upload.
-
Click Choose File and select the certificate file.
-
Click Upload.
-
Set the profile scope to be delivered to all macOS endpoint machines.
- On the Computers tab, select Configuration Profiles, then select the configuration profile created.
- On the Scope tab, select All Computers and All Users. Alternatively, specify certain individuals or
groups to receive this profile.
- Click Save.
The configuration profile is pushed to the endpoint.