Computer cert being auto deleted from keychain

DEllis05
New Contributor

When binding Macs to our domain we will import a computer cert so that the user's Mac will be able to connect to our VPN and Enterprise Connect (can't do so without this cert). I have a user who is having this cert get auto-removed from the keychain, thus making him unable to connect to internal resources when working remotely. The cert that we import comes from our CA and is verified upon being imported.

My question is, is there a way I can look and see how/why this cert was removed?

4 REPLIES

LovelessinSEA
Contributor II

What is the scoping you're using for the configuration profile that has the AD certificate payload? I ran into this early on: if the machine fell out of scope and the profile was removed, it removed the cert too.

Scope is set to all computers. I even double checked the expiration date and it is set to 3/2025. 

szultzie
Contributor II

I'm seeing the same issue in our environment. @DEllis05, have you had any luck finding the cause and a solution?

Sylvain
New Contributor II

We have the same problem in our environment. We also use the AD certificate payload. Sometimes the AD certificate as well as the configuration profile gets deleted. We have observed this problem whether the configuration profile is pushed via MDM features or installed manually. The protocol used by our CA server is RPC. Have you managed to resolve this issue?

Sylvain