Skip to main content
Question

removing Jamf Pro Built-in CA

  • March 19, 2019
  • 3 replies
  • 13 views
R
Forum|alt.badge.img+4

I'm in the process of migrating users from a company we just purchased to our JAMF instance... i can remove the MDM profiles using using the command: "sudo jamf removeMdmProfile && sudo jamf removeFramework" through a policy, but the Jamf Pro Built-in CA is still there after that...

I want to be able to remove the Cert remotely without revoking the cert from all users at once...

Anyone have suggestions?

    3 replies

    dan-snelson
    Forum|alt.badge.img+28
    • dan-snelson
    • Honored Contributor
    • March 20, 2019

    @rhernandez_hg Check out man security and search for delete-certificate.

    T
    Forum|alt.badge.img+15
    • tep11
    • Valued Contributor
    • March 20, 2019

    I actually had a similar issue with one of our Macs after we migrated to the cloud....
    I couldn't manually delete the cert via the GUI or using the security command.
    What I ended up doing was:
    booted into recovery mode and ran the following in terminal:
    chflags norestricted /V//L/Keyc/*
    then rebooted, and could delete the CA from the System.keychain

    dan-snelson
    J
    Forum|alt.badge.img+1
    • jonwolff
    • New Contributor
    • March 9, 2023

    @rhernandez_hg Check out man security and search for delete-certificate.


    Cool command! That looks very powerful. For me, it still wasn't letting me remove that final CA Cert and I got the error.

    "Unable to delete certificate matching 'XYZ Certificate Authority'"
     
    Terms & ConditionsCookie settingsAccessibility statement