Jamf Nation Community

Thank you for this comment! Super helpful to clarify a question I've always worried about. Like editing a name in a config profile or removing something from the scope.

A related question: I have been trying to clean up some old wifi configuration profiles, but I was worried that editing and removing from scope would cause an issue with the newer wifi config profiles and cause them all to disconnect. 
For example, I have a few straggling devices in my old 2024 wifi profile which is scoped to "All Managed Clients". But they also have the 2025 wifi profile and have been happily connected. 
If I remove "All Managed Clients" from the 2024 profile, it should not disconnect them from wifi because they won't get confused between the profiles if one is removed, correct? 

@miniberry I would _hope_ that's the case, but I have never tried installing multiple Configuration Profiles with Wi-Fi configurations. You'll need to try un-scoping a test machine to observe the behavior.

Thank you! I will test and see.

Thank you for your input. Yes, I have to do this as well, as most of our users are Gr.6 to Gr 12 students, and they are BYOD. So we have no control over them whatsoever. We will send an email to all of them, and the teachers. I figure a fair number of them will read and forget or not read the mail. But that's part of the business.

Hey, @ferriterj1  

yes it worked by just updating for me. I just added the new cert to the existing mobile device conf profile, and deployed it to all (rather than to newly assigned only) It effectively updated the profile with the new setting.

Thank you so much! It's not every day that you find someone to have the same issue and then an easy solution to it. This takes a load of my mind haha! 

To follow up on this, I'm curious. So did you upload the new wifi cert in the existing wifi profile that had the old cert, and then applied the profile to all, and they connected fine?

Yes, I went ahead and exported the cert from my Cisco ISE server and uploaded it to the profile. Since we had about three weeks before the old cert expired, I left the "about to expire" certs in the profile. Then, I saved the config and did the unthinkable of "apply to all". 

I wanted to get the new certs out to as many devices as possible before I had to switch Cisco ISE to the new certificate. But, they needed to stay connected so for now, so that's the reason for leaving the old certs.

I will say that 99.9% of devices stayed connected and the profile just updated. There were a couple of hiccups on a handful of devices, but since our device pool is around 7000, I'd take that any day!

When it came time to swap ISE to the new cert, I went ahead and removed the old certs from the profile and just did a "apply to newly assigned". I didn't want to press my luck with two "apply to all" even though I'm sure it would have worked fine. The old expired certs don't harm anything anyway.

Long story short, yes, upload your new radius certificate to your existing WiFi configuration profile and apply it to all devices when saving. No need to create a new configuration profile from my experience!

Oh.my.goodness! Thank you so much for the response! I think we may try this method and see if it works for us too. I have a much smaller environment (~700 Macs) but our process was different and this seems a lot more seamless.

I just came across this post and now I'm getting excited to hear there's possibly an easy solution! 🙌
Whenever we renew our wifi cert, we always went through a process of creating a new config profile for the new cert and doing a shuffle between the old to the new with different smart groups. So what I'm understanding is that we can just add the cert to the current profile and re-apply, and it will not disconnect all our users and cause them issues re-connecting? 
Does this work when it applies per device not per user?