Around this time last year I implemented Apple's automatic cert renewal for our AD-based computer certificates. I am now encountering the first certs to renew. I hate to use the word "renew" because they don't renew, they get new certs with the exact same name and updated expiration dates while the old certs stay in place. The presence of the old certs at the same time the new certs are in place is causing confusion. Especially when users try to connect via VPN they are prompted to pick a cert to authenticate their connection. Is there a way to find the most current computer certificate and delete all the others that doesn't require me to get hands on with each computer? None of our users have admin rights so having them do it themselves is out.
