Today we are deploying AD machine certificate through the Configuration Profile paylod - "AD Certificate". It has worked fine through the years, until Big Sur arrived and broke the "Enable Automatic renewal". We decided to move on with Jamf ADCS Connector and we are now in the final stage of testing before deploying it to our machines.
Our machines are AD bound and the certificate is used for VPN and Wi-Fi (WPA2 Enterprise)
What is best practice for pushing out the new profile? We are having problems with connecting to our wi-fi.
Pushing out the new ADCS profiles works fine, the computers gets a new certificate and it connects to the VPN, except it wont connect
to our corporate wi-fi.
Wi-Fi only works if we remove the old profile first and make sure there is no machine certificate left in the keychain. After that we can push out new the ADCS profile, then it will connect directly to the wi-fi without any issues.
Since all our users are working over VPN, we want to avoid any interruption of their vpn connection, if possible.
