diff --git a/lib/nerves_hub/devices.ex b/lib/nerves_hub/devices.ex
index 781741228..e1c0d70e6 100644
--- a/lib/nerves_hub/devices.ex
+++ b/lib/nerves_hub/devices.ex
@@ -390,6 +390,13 @@ defmodule NervesHub.Devices do
     |> Ecto.build_assoc(:ca_certificates)
     |> CACertificate.changeset(params)
     |> Repo.insert()
+    |> case do
+      {:ok, ca_certificate} ->
+        {:ok, Repo.preload(ca_certificate, jitp: :product)}
+
+      err ->
+        err
+    end
   end
 
   @spec create_ca_certificate_from_x509(Org.t(), X509.Certificate.t(), binary() | nil) ::
diff --git a/lib/nerves_hub_web/controllers/api/ca_certificate_controller.ex b/lib/nerves_hub_web/controllers/api/ca_certificate_controller.ex
index 4c4ed6d40..86dc6752a 100644
--- a/lib/nerves_hub_web/controllers/api/ca_certificate_controller.ex
+++ b/lib/nerves_hub_web/controllers/api/ca_certificate_controller.ex
@@ -33,7 +33,8 @@ defmodule NervesHubWeb.API.CACertificateController do
            not_before: not_before,
            not_after: not_after,
            der: X509.Certificate.to_der(cert),
-           description: Map.get(params, "description")
+           description: Map.get(params, "description"),
+           jitp: params["jitp"]
          },
          {:ok, ca_certificate} <- Devices.create_ca_certificate(org, params) do
       conn
diff --git a/test/nerves_hub_web/controllers/api/ca_certificate_controller_test.exs b/test/nerves_hub_web/controllers/api/ca_certificate_controller_test.exs
index b22adec91..53c6b5f1c 100644
--- a/test/nerves_hub_web/controllers/api/ca_certificate_controller_test.exs
+++ b/test/nerves_hub_web/controllers/api/ca_certificate_controller_test.exs
@@ -26,6 +26,25 @@ defmodule NervesHubWeb.API.CACertificateControllerTest do
       assert %{"description" => ^description} = resp_data
     end
 
+    test "supports valid JITP", %{conn: conn, org: org, product: %{id: pid, name: pname}} do
+      ca_key = X509.PrivateKey.new_ec(:secp256r1)
+      ca_cert = X509.Certificate.self_signed(ca_key, "CN=#{org.name}", template: :root_ca)
+      serial = X509.Certificate.serial(ca_cert) |> to_string
+      ca_cert_pem = X509.Certificate.to_pem(ca_cert)
+      description = "My ca"
+
+      jitp = %{description: "Jitter", tags: ["howdy"], product_id: pid}
+      params = %{cert: Base.encode64(ca_cert_pem), description: description, jitp: jitp}
+
+      conn = post(conn, Routes.api_ca_certificate_path(conn, :create, org.name), params)
+      resp_data = json_response(conn, 201)["data"]
+      assert %{"serial" => ^serial} = resp_data
+      assert %{"description" => ^description} = resp_data
+
+      assert %{"description" => "Jitter", "tags" => ["howdy"], "product_name" => ^pname} =
+               resp_data["jitp"]
+    end
+
     test "renders errors when data is invalid", %{conn: conn, org: org} do
       conn = post(conn, Routes.api_ca_certificate_path(conn, :create, org.name), cert: "")