We have profile witch push machine cert and wifi with tls. We need to push this profile very 6 months or year. How can i do it? i can store .mobileconfig on Mac i think but how can i install it via policy?
Page 1 / 1
@wanoffski You can edit your existing profile and redeploy it. You can't store a .mobileconfig on a Mac and then use a Policy to deploy it.
@wanoffski You can edit your existing profile and redeploy it. You can't store a .mobileconfig on a Mac and then use a Policy to deploy it.
i need to do it automatically. How can i deploy it via policy can you please give a hint?
i need to do it automatically. How can i deploy it via policy can you please give a hint?
You can't do it via a Policy, it has to be a re-push of the Configuration Profile via Jamf Pro. Where are you getting the machine cert from? If you're using the AD CS or Venafi integration capability of Jamf Pro you can configure the profile to automatically renew the certificate.
As sdagley said you need to edit the configuration profile and redeploy it to update it on the devices, when you upload the new copy of the certificate each year this will deploy the new certificate. Unless you set up SCEP or an ADCS Connector you will need to manually do this. If you setup a SCEP server, or ADCS Connector and deploy those certificate payloads with Jamf they will auto renew without you ever needing to mess with the Configuration Profile or the device.
You cannot install a mobile config from CLI, and you cannot trust a certificate you add to the keychain from CLI. Certificates should always be deployed from a MDM. Even if you some how got the certificate in to the keychain, if it was not deployed in the same payload as the 802.1x network, macOS will not use that certificate to join the network.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.