Integrating with Apple's Global Service Exchange (GSX)
You can integrate Jamf Pro with Apple's Global Service Exchange (GSX).
Before you can integrate Jamf Pro with GSX, you must have the following:
- A GSX Account with the "Manager" or "Administrator" role, access to Web Services, and access to coverage/warranty information
- An Apple certificate
This article explains how to create a GSX account and obtain an Apple certificate.
Creating a GSX Account
- Go to http://www.apple.com/support/programs/ssa/ to apply for a GSX account.
Note: To apply for a GSX account, you must have a service contract with Apple. Contact your Apple Account Executive to learn more about GSX.
- Log in to your GSX account at https://myaccess.apple.com/
- Click on My Team.
- Select a user from the list.
- On the Account Details page, click Global Service Exchange.
- Click Update Access.
- In the Business role dropdown, choose "Manager."
- In the Optional Privilege(s) dropdown, select the Web Services and Warranty Lookup checkboxes.
- Click Submit.
Obtaining an Apple Certificate
Obtaining an Apple certificate involves the following steps:
- Generate a certificate signing request (CSR).
- Send the CSR and your GSX account information to Apple.
Apple sends back Apple certificates (.pem).
- Convert the Apple certificates to .p12 format.
Step 1: Generate a CSR
You can use OpenSSL to generate a CSR.
Note: You can also generate a CSR using Java Keytool.
- Log in to OpenSSL.
- Create a key pair by executing the following command:
sudo openssl genrsa -aes256 -out privatekey.pem 2048
- Create a passphrase when prompted.
Note: This is the password you will use when accessing the private key.
- Create the CSR by executing the following command:
openssl req -new -sha256 -key privatekey.pem -out certreq.csr
- Enter the Country Name, State or Province Name, Locality Name, Organization Name, and Organizational Unit.
- When prompted to enter the Common Name, enter the following:
-For a test environment CSR, Applecare-APP157-[10DigitSoldTo].Test.apple.com
-For a production environment CSR, Applecare-APP157-[10DigitSoldTo].Prod.apple.com
(For example, Applecare-APP157-0000098765.Prod.apple.com.)
- When prompted for the email address, challenge password, and optional company name, do not enter any information. Press the Enter key for each prompt instead.
Step 2: Send the CSR and GSX Account Information to Apple
Send the unsigned CSR and the following GSX account information to firstname.lastname@example.org:
- GSX Sold-To account number
- Primary IT contact name
- Primary IT contact email
- Primary IT contact phone number
- Outgoing static IP address of the server that sends requests to GSX Production
If your environment is hosted on the Jamf Cloud, see the following Knowledge Base article for the IP address:
Permitting Inbound/Outbound Traffic with Jamf Cloud
Apple generates the Apple certificate (.pem) and sends a signed certificate and a chain certificate back to you.
(For example, Applecare-APP157-xxxxxxxxxx.Prod.apple.com.cert.pem and Applecare-APP157-xxxxxxxxxx.Prod.apple.com.chain.pem.)
Note: It may be helpful to rename the files “cert.pem” and “chain.pem” for use in final steps.
There may also be a file labeled “issuer” that is not needed for this process.
Step 3: Convert the Apple Certificate (.pem) to .p12 Format
Create a .p12 file using the private key and Apple certificates by executing the following command:
sudo openssl pkcs12 -export -inkey privatekey.pem -in cert.pem -out GSX_Cert.p12
Note: The GSX_Cert.p12 file contains your signed GSX certificate.
If you do not specify a path before the file name when running the above command, the file will be in your working directory.
The certificate is saved as a .p12 file in the location you specified.
For instructions on how to integrate Jamf Pro with GSX, see “Integrating with GSX” in the Jamf Pro