Jamf Nation Community

bbot · ‎10-24-2015

We have a configuration profile that contains certificates that are set to expire and Mac machines are getting a pop-up saying their configuration profiles have a certificate that are set to expire. Is there a way to disable this notification?

davidacland · ‎10-24-2015

I haven't heard of a way round that. Could you get an updated cert and update the config profile?

bentoms · ‎10-25-2015

@bbot & @davidacland in the Certificate payload you can specify the notification threshold, as per the below.

Note: 0 days doesn't seem to work, so I guess 1 is the minimum.

davidacland · ‎10-25-2015

Ah, forgot about AD certs, I was thinking of the main certificate payload.

bbot · ‎10-26-2015

@bentoms That's perfect. Thanks!

@davidacland Yeah, that was the first thing I tried but 70% of the machines are failing to receive the updated configuration profile and receiving the two errors below. After talking to JAMF Support, they suggested creating and pushing out a completely new profile with the new AD certs.

Cannot replace profile '04D1878B-BD77-4593-BAA4-4EB5AAE99304' because it was not installed by the MDM server <MDMClientError:96>
Profile with identifier '04D1878B-BD77-4593-BAA4-4EB5AAE99304' not found. <MDMClientError:89>

bbot · ‎10-26-2015

@bentoms When was the last time you tested the 0 for the certificate expiration notice? What happens when you use 0?

bentoms · ‎10-27-2015

@bbot it was pre our annual cert expiry last month. It seemed to be ignored, so might not be a valid number for that setting.

(We extended our root CA so shouldn't see it again).

bbot · ‎10-27-2015

@bentoms Thanks. I'll set it to 1 for now... definitely better than 14, but ideally we'd like to get rid of this notification for our users.

Jamf Nation Community

Disabling expiring configuration profile notification