We're planning to change the SSL cert from the default built-in JSS cert from one of our trusted 3rd party vendors.
I've read a few of the threads here indicating that it is relatively straightforward, especially since the utility was added to the JSS Settings > Apache Tomcat Settings to update the cert from the web portal. Uploading the new certificate should not be a problem.
My question revolves around devices and propagation of the new cert. All corporate devices are enrolled in DEP.
Are there any concerns with devices that may not have contacted the JSS recently not being able to securely communicate (after the cert update), and thus not getting the new certificate? Will these devices need to be re-enrolled?
Any other gotchas that may affect support staff and user devices?
One of the support reps seemed to be confident that we could just go ahead and change it, but I'd rather be sure.
Thanks!
Some of the information I've referenced so far:
http://docs.jamf.com/10.5.0/jamf-pro/administrator-guide/SSL_Certificate.html
https://www.johnkitzmiller.com/blog/dep-fails-in-casper-when-using-a-publicly-trusted-ssl-certificate/
https://www.jamf.com/jamf-nation/articles/447/safely-configuring-ssl-certificate-verification
https://www.jamf.com/jamf-nation/articles/455/change-to-the-ssl-certificate-verification-setting-in-jamf-pro-9-98-or-later
https://www.jamf.com/blog/enhancements-to-certificate-security-for-mdm-enrollment/