What is a Jamf Push Certificate?

Do you use Apple devices in your work infrastructure? Then you’ve probably heard of Jamf. Jamf Pro is one of the most robust and feature-dense solutions for managing Apple devices.

To fully take advantage of Jamf Pro, you will need to understand some critical elements, one of which is a Jamf Push Certificate. But what is it, and why is it so important?

What is The Role of a Push Certificate in Jamf?

The push certificate serves as a channel through which Jamf Pro and Apple communicate. It’s a pivotal element of the Jamf infrastructure, enabling the Jamf Pro server to send commands to Apple devices remotely. This communication is critical for effective device management.

To manage Apple devices using Jamf Pro, you need an Apple push certificate. It’s the key that establishes a secure connection between Jamf and Apple’s Push Notification Service (APNS), enabling Jamf to send commands to Apple devices securely.

What is a Jamf Push Certificate?

In a nutshell, a Jamf Push Certificate allows your Jamf Pro server to communicate with Apple’s Push Notification Service (APNS). Simply put, it’s the vital cog that ensures the wheels of communication between Apple and your device management server (Jamf Pro) keep turning.

Without the push certificate, Jamf Pro can’t communicate with Apple devices. This communication is crucial as it enables the delivery of commands and settings to the devices. It’s akin to a passport, giving Jamf the authority to operate and manage your Apple devices.

How Jamf Communicates with Apple Push Notification Service

Jamf communicates with APNS by utilizing the push certificate to initiate, deliver, and acknowledge commands, all within a secure environment. Let’s break this down:

  • Initiation: The process begins when the Jamf Pro server sends a command or settings to a device via APNS. This could be anything from installing an app or enforcing a security setting to wiping data from a lost device, and it is made possible by the Jamf push certificate.
  • Delivery: APNS acts like a courier, delivering the message from Jamf to the respective Apple device. It does not store any data or commands, functioning solely as a secure conduit.
  • Response: The device then sends a request back to Jamf Pro to fetch the command or settings. This is similar to signing for a parcel delivery. Once received, the device acknowledges and performs the requested action.
  • Secure Relay: The entire process is encrypted and doesn’t require any user intervention, so the communication is both effective and secure.

Apple MDM and Jamf Push Certificates

Apple’s MDM (Mobile Device Management) and Jamf Pro are designed to work together, and the Jamf push certificate plays an essential role in this partnership. It assists Apple MDM by enabling Jamf Pro to send commands to Apple devices remotely, which allows administrators to manage and secure the devices effectively.

Are Apple MDM Push Certificates Free?

Yes, Apple MDM push certificates are free to obtain. However, the process of acquiring an Apple push certificate requires you to have an Apple ID associated with your organization and the Jamf software.

How to Secure Communication with Jamf Push Certificates

Jamf Push Certificates are integral to securing communications between Jamf Pro and Apple devices. They create encrypted channels that keep transmitted data safe from unauthorized access or breaches. Consequently, the Jamf Push Certificate protects the privacy and integrity of data during communication, making it an indispensable part of device management and security.

How to Push a Certificate through Jamf

To push a certificate through Jamf, you create a certificate signing request, sign in to the Apple Push Certificates Portal with an existing or new Apple ID, upload the certificate signing request file, and finally download the created certificate and install it in your Jamf Pro server. Here’s a brief step-by-step guide:

  1. Begin by generating a certificate signing request within your Jamf Pro server.
  2. Afterward, select an existing Apple ID or create a new one, and sign in on the official Apple Push Certificates Portal.
  3. Once signed in, upload your prepared certificate signing request file.
  4. After successful upload, a push certificate is immediately created. Download this and install it within your Jamf Pro server to complete the process.
  5. Once installed, this certificate allows Jamf to communicate with Apple devices and effectively manage them.

How to Renew Your MDM Jamf Certificate

Renewing MDM certificates is crucial for maintaining the operability of your mobile device management. By keeping your certificates up to date, you prevent potential disruptions and maintain secure communication with your devices. Renewing your MDM certificate in Jamf Pro starts with checking its expiration date.

If it’s time to renew, head to Jamf Pro’s settings, download a new certificate signing request file, and submit it to Apple’s Push Certificates Portal. After downloading your new certificate, install it on your Jamf Pro server.
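The expiration check described above can be scripted with openssl against a PEM copy of the push certificate. The following is an added example, not code from Jamf or from this article: the function names and the 30-day warning window are hypothetical, the sample certificates are constructed self-signed stand-ins, and it assumes the APNs topic sits in the UID attribute of the certificate subject, as it does in Apple-issued MDM push certificates. It also compares topics, because a renewed certificate has to keep the installed certificate's topic for already enrolled devices to keep receiving pushes.

```shell
#!/bin/sh
# Added example: pre-renewal checks for an MDM push certificate (PEM).

# Print ok | renew | expired | unreadable for a certificate file.
# $2 = warning window in days (default 30, an arbitrary choice).
push_cert_state() {
    cert=$1
    warn_days=${2:-30}
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo renew
    else
        echo ok
    fi
}

# Print the APNs topic, read from the UID attribute of the subject.
push_cert_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*UID=\([^,]*\).*/\1/p'
}

# Succeed only if the renewed certificate keeps the installed one's topic.
same_topic() {
    old=$(push_cert_topic "$1")
    new=$(push_cert_topic "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Constructed stand-in for a push certificate: self-signed, fake topic.
make_sample_cert() {   # $1 = output path, $2 = validity days, $3 = topic
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
        -out "$1" -days "$2" -subj "/UID=$3/CN=APSP:sample" 2>/dev/null
}

dir=$(mktemp -d)
make_sample_cert "$dir/installed.pem" 10 com.apple.mgmt.External.sample-a
make_sample_cert "$dir/renewed.pem" 365 com.apple.mgmt.External.sample-a
echo "installed: $(push_cert_state "$dir/installed.pem")"
echo "renewed:   $(push_cert_state "$dir/renewed.pem")"
same_topic "$dir/installed.pem" "$dir/renewed.pem" && echo "topic unchanged"
```

Run from a scheduled job, a `renew` or `expired` result is the signal to start the renewal steps before devices stop receiving commands.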

How To Update Your Apple Push Notification Service Certificate

Push certificates, while essential, are not the only method of ensuring an Apple device’s security. Device Attestation, introduced by Apple, adds another layer of security to Apple device management on Jamf by ensuring that the device has not been compromised and is “trustworthy”. The attestation service checks for any signs of tampering or jailbreaking, confirming that the device is operating within Apple’s guidelines. If the device passes Apple’s attestation checks, Jamf Pro can trust that it’s safe to send sensitive data and perform management tasks. It’s a powerful security feature that ensures the secure management of iOS devices.

SecureW2’s world-class PKI (Public Key Infrastructure) solution intertwines perfectly with Apple’s Managed Device Attestation service and Jamf’s MDM capabilities. Our PKI can leverage Managed Device Attestation to assure that digital certificates are only issued to secure Apple devices that have not been tampered with.

Extend the Security of Certificates to All Your Apple Devices with a PKI Built for Jamf

Digital certificates can be used for numerous use cases, including Wi-Fi, VPN, application access, and even code-signing. A managed PKI such as SecureW2’s can make distributing these certificates a breeze. Our PKI was designed to integrate with all major MDMs, including Jamf. The end result is simplified, streamlined certificate lifecycle management, including automatic revocation based on groups in Jamf.

To top it all off, SecureW2’s turnkey PKI services are highly scalable, cost-effective, and easy to manage, making them an excellent choice for any organization in need of superior network security solutions. Check out our pricing to see if SecureW2’s certificate solutions can support your Jamf network.

Learn about this author

Amanda Tucker

Amanda is a copywriter from the beautiful (and oftentimes wild) state of Minnesota. Her passion for learning new things is demonstrated by a diverse writing portfolio and paralegal studies degree. When she's not writing for work, you can usually find her going down random research rabbit holes, playing tabletop RPGs, or listening to cybersecurity podcasts like Risky Business.
