Transition from API to SCEP integration

If you currently integrate with DigiCert® Trust Lifecycle Manager using the API, you can transition to SCEP-based integration using one of the following methods. DigiCert recommends using SCEP with Jamf Pro as it offers the highest level of security and the most certificate options.

| Integration method | Description |
| --- | --- |
| SCEP integration | Select this method to facilitate the configuration by automatically creating seat records in Trust Lifecycle Manager for enrolled certificates. |
| SCEP integration (manual seat creation) | Select this method if you prefer to create seat records manually before enrolling certificates via SCEP. |

Warning

If any Jamf-managed devices have already enrolled certificates from Trust Lifecycle Manager using the API integration method, there is a known issue when transitioning to SCEP. Refer to the following section for details.

Known issue

When transitioning from API to SCEP for Jamf Pro, there is a known issue related to the email addresses in seat records for existing certificates in Trust Lifecycle Manager. Use one of the following solutions to address this issue, so existing Jamf users can start enrolling certificates via SCEP.

The first solution involves disabling notifications for the certificate requester in the SCEP certificate profile in Trust Lifecycle Manager. You can disable them when you first create the new SCEP profile, or edit the SCEP profile after creating it:

  1. In the profile configuration wizard, navigate to the Additional options screen.

  2. In the Email configuration and notifications section, uncheck the option to notify the Requester.

  3. On the final screen of the profile wizard, select Create or Update to save your changes.

The second solution involves updating the value of the Email field for existing seat records in Trust Lifecycle Manager. For existing seat records created through the API integration method, the email address is set to not.applicable@example.com. To transition to the SCEP integration method, you must change it to a different email address.

To bulk update the email address in multiple seats at once in Trust Lifecycle Manager, create a CSV file in the following format:

seat_name,seat_id,business_unit_id,email
Admin Macbook Pro,K2YL4QH3FZ,2edf100e-0916-402d-835b-dc4915d4df28,admin1@example.com
j.smith iPhone,C02G80DHMD6R,2edf100e-0916-402d-835b-dc4915d4df28,user1@example.com

To bulk update the seat records in Trust Lifecycle Manager from the CSV file:

  1. From the Trust Lifecycle Manager menu, go to Account > Seats.

  2. Select Manage seats in bulk on the top-right.

  3. Complete the Manage seats in bulk (via CSV file) form:

    • Seat type: Select the seat type (either Device or User) for the type of certificates to update.

    • Operation: Select Create/Update seats.

    • Do you wish to enroll the Seats against a profile: Leave unchecked.

    • Submit CSV file: Drag your CSV file to the provided area or select Browse files to select it from your computer.

      Note

      The system validates your CSV file to ensure it's in the correct format. If you get an error, update the CSV file and try again.

  4. As soon as you upload the CSV file, the system updates the corresponding seat records. To see a report of all the seats updated and the current status of each, select the Download results JSON link at the bottom.

  5. When you're finished, select the Ok button to return to the main Account > Seats page. The seats you updated should show the new email addresses in the table here.
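
A local pre-check for the bulk-update CSV described above, as an added example that is not DigiCert's code: it flags rows that still carry the API placeholder address before you upload the file. The function name `check_seat_csv`, the UUID check on `business_unit_id`, the one-row-per-seat rule and the loose email pattern are assumptions inferred from the sample rows, not documented validation rules.

```python
import csv
import io
import re
import uuid

EXPECTED_HEADER = ["seat_name", "seat_id", "business_unit_id", "email"]
PLACEHOLDER_EMAIL = "not.applicable@example.com"  # set by the API integration, per the page
EMAIL_SHAPE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")  # loose shape check (assumption)


def check_seat_csv(text):
    """Return a list of (line_number, message) problems found in the CSV text."""
    problems = []
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header != EXPECTED_HEADER:
        return [(1, "header must be exactly: " + ",".join(EXPECTED_HEADER))]
    seen_ids = {}
    for row in reader:
        line = reader.line_num
        if len(row) != len(EXPECTED_HEADER):
            problems.append((line, f"expected 4 fields, found {len(row)}"))
            continue
        seat_name, seat_id, bu_id, email = (f.strip() for f in row)
        if not seat_name or not seat_id:
            problems.append((line, "seat_name and seat_id must not be empty"))
        if seat_id in seen_ids:  # assumption: one row per seat
            problems.append((line, f"seat_id repeats line {seen_ids[seat_id]}"))
        seen_ids.setdefault(seat_id, line)
        try:
            uuid.UUID(bu_id)  # assumption: IDs are UUIDs, as in the sample rows
        except ValueError:
            problems.append((line, "business_unit_id is not a UUID"))
        if email.lower() == PLACEHOLDER_EMAIL:
            problems.append((line, "email is still the API placeholder"))
        elif not EMAIL_SHAPE.match(email):
            problems.append((line, "email does not look like an address"))
    return problems

# Constructed sample: line 2 is valid; lines 3-4 show typical mistakes.
SAMPLE = """seat_name,seat_id,business_unit_id,email
Admin Macbook Pro,K2YL4QH3FZ,2edf100e-0916-402d-835b-dc4915d4df28,admin1@example.com
j.smith iPhone,C02G80DHMD6R,2edf100e-0916-402d-835b-dc4915d4df28,not.applicable@example.com
Lab iPad,K2YL4QH3FZ,2edf100e-0916,user2example.com
"""

if __name__ == "__main__":
    for line, message in check_seat_csv(SAMPLE):
        print(f"line {line}: {message}")
```

An empty result means the file passed these local checks only; the upload form still applies its own validation.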