Description
Jamf recommends using a 3rd party SSL certificate for Tomcat. Having an active 3rd party SSL Certificate helps ensure devices can communicate with your Jamf Pro server.
GoDaddy SSL certificates are valid for 13 months. When your GoDaddy SSL certificate expires, it needs to be changed for devices to continue communicating with Jamf Pro.
Generating a new Private Key with Open SSL
You will need a Private Key and password for renewing the certificate in GoDaddy. If you have the private.key and Password previously used, go to step 1b in the next section. To generate a new private.key and password follow the steps below to do so using Open SSL.
Open the command prompt or Terminal.
Create a folder on your desktop named "Certs" and navigate to the directory using the following commands:
mkdir ~/Desktop/Certs
cd ~/Desktop/CertsGenerate a private key and CSR by executing a command similar to the following:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
When prompted, enter the appropriate information. The certificate authority (CA) administrator should be able to provide the desired values for these fields. Ensure that you use a fully qualified domain name (FQDN), such as "jamf.mycompany.com".
Open the CSR that was created with a text editor and copy all of the contents.
Renew the Certificate in GoDaddy
If you are re-issuing the SSL Certificate and created a new Private Key, use Step A below. If you are renewing the SSL Certificate and have the previously used Private Key and Password, use Step B.
Login to GoDaddy and re-issue the SSL Certificate so that the new Private Key is used to create the SSL Certificate.
Login to GoDaddy and renew the SSL Certificate.
In GoDaddy, download the Certificate using the Tomcat option.
Place the ˜gd_bundle-g2-g1.crt and the ˜x87f03jiejeus22wq.crt certificates in ~/Desktop/Certs.
Run the following commands in Terminal:
cat gd_bundle-g2-g1.crt x87f03jiejeus22wq.crt > combined.pem
openssl pkcs12 -export -in combined.pem -inkey privateKey.key -out cert.p12
Upload the Certificate in Jamf Pro
Follow the steps on the Enabling SSL on Tomcat with a Public Certificate Technical Article to import the certificate into Jamf Pro.