Disabling expiring configuration profile notification

bbot
Contributor

We have a configuration profile that contains certificates that are set to expire and Mac machines are getting a pop-up saying their configuration profiles have a certificate that are set to expire. Is there a way to disable this notification?

7 REPLIES 7

davidacland
Honored Contributor II
Honored Contributor II

I haven't heard of a way round that. Could you get an updated cert and update the config profile?

bentoms
Release Candidate Programs Tester

@bbot & @davidacland in the Certificate payload you can specify the notification threshold, as per the below.

Note: 0 days doesn't seem to work, so I guess 1 is the minimum.

5f932596a02c41e3875d30ae5f698abd

davidacland
Honored Contributor II
Honored Contributor II

Ah, forgot about AD certs, I was thinking of the main certificate payload.

bbot
Contributor

@bentoms That's perfect. Thanks!

@davidacland Yeah, that was the first thing I tried but 70% of the machines are failing to receive the updated configuration profile and receiving the two errors below. After talking to JAMF Support, they suggested creating and pushing out a completely new profile with the new AD certs.

Cannot replace profile '04D1878B-BD77-4593-BAA4-4EB5AAE99304' because it was not installed by the MDM server <MDMClientError:96>
Profile with identifier '04D1878B-BD77-4593-BAA4-4EB5AAE99304' not found. <MDMClientError:89>

bbot
Contributor

@bentoms When was the last time you tested the 0 for the certificate expiration notice? What happens when you use 0?

bentoms
Release Candidate Programs Tester

@bbot it was pre our annual cert expiry last month. It seemed to be ignored, so might not be a valid number for that setting.

(We extended our root CA so shouldn't see it again).

bbot
Contributor

@bentoms Thanks. I'll set it to 1 for now... definitely better than 14, but ideally we'd like to get rid of this notification for our users.