• Apache Tomcat SSL: For an externally facing server you'll need to
install apublicly-trusted certificate.
• The built-in certificate authority is where you would configure Jamf
to talk to an external CA server. SKAT proxy and ADCS Connector
Settings are also configured here.
• Health Care Listener: Uses certificates to secure communication
inside the hospital network.
• Single Sign-On
• LDAP-S over SSL
• The enrollment process
• Signing QuickAdd package: requires an app distribution certificate from Apple. Thissame cert is used by
Composer to sign your other packages.
• Configuration Profiles: Config profiles created in Jamf Pro are signed automatically. This keeps them secure when
deployed. If you download aconfig directly from the console, it's already signed. That's why you can't view the raw
xml data with atext editor. If you need to edit aconfig profile created with Jamf, you'll need to unsign it first.
• App Provisioning Profile: Aprovisioning profile is adierent sort of profile that also uses acert. When working with
custom iOS apps, your developer might need you to deploy the app with aprovisioning profile. It's less common
today, but Jamf does support it.
• Developer Certificate: you would get that cert at developer.apple.com, among other certs you might need. The more
common method these days is to let Xcode create and embed the distribution certificates and provisioning profiles
for you automatically. Once that's done, you'll have yourself an in-house app: acustom iOS app that can be deployed
using Jamf to register test devices. If you need to deploy your custom app to hundreds of iOS devices or more, that
will require an Enterprise developer signing certificate.
• Apple deployment portals: strictly speaking, these next few are actually tokens, aprivate key. Device enrollment
and volume purchasing both get their certs from Apple using the token provided. (The more modern place to
find that information is in Apple School Manager or Apple Business Manager.)
• GSX (Global Service Exchange)
• Cloud Distribution Point (JCDS)
• Jamf Push Proxy: if you send notifications to your devices through self-service, you'll need apush proxy certificate.
They are automatically generated, so this one's easy to get set up.
• Patch Management and Customer Experience Metrics: while invisible to the Jamf admin, they do communicate
using certificates and are sent securely to our servers.
So, yes. Jamf uses certificates nearly everywhere in our portfolio. But none of them are the certs that are being
generated to install onto your devices.
PRO TIP!
Jamf Cloud takes care
of all of this web app
work automatically. You need not
ever worry about your TomCat
settings again.