AD CS Certificate Expiration/Renewal - Mobile Devices

New Contributor III

Hi all,

We're looking to roll out certificate-based wireless to our mobile devices with the AD CS connector (tested and working in our dev and prod environments). Our concern right now is whether or not the AD CS connector, or JAMF itself, will automatically renew the certificates for mobile devices. If not, our mobile devices will be dropped from our internal network as soon as that cert expires. I know this connector is still new and in its first release, but it's just a concern we have right now.



New Contributor III

Hey @tomgluver Great question, and yes the ADCS Connector with Jamf Pro will automatically renew the certificate 10 days before expiration. This has been noted in the ADCS Connector Technical Paper here:

New Contributor II

Hi @mwoodruff

We are looking to install certificate-based WIFI also and I trying to gather information and an understanding to provide to our network team.
On the Macs we are currently using RADUIS AD AUTHENTICATION am I right in thinking we can't use this method on IOS devices?
So the only way is installing the ADCS connector on a server to allow the trust.


New Contributor III

@adamnewman You absolutely should be able to use Radius based authentication for iOS devices, with the understanding that iOS/iPadOS is a single-user device, therefore device based authentication would be the best route since that also identifies the user. (Even in a Shared iOS experience in education, the device will only authenticate once using device based authentication compared to macOS.) The use of Jamf's ADCS integration is great when simple SCEP based obtainment of certificates are not available, but the organization has authorized the use of DCOM libraries in Microsoft CA.

New Contributor III

Hi everyone, i have a jamf ADCS connector in my internal network, which performs requests to my internal microsoft CA for wifi and vpn certificates. Since i have this configured; my jamf connector will auto renew all those certificates in my macs keychain that it issued, and it will renew them close to expiration automatically? how does jamf connector know what certificates are about to expire, and to reissue them? if this is true, then this is great, not sure yet how it works however.