Expired Push Certificate and Re Enrollment

New Contributor

Our institution's push certificate expired, a new one was created and uploaded.

My question is around getting the MDM profiles updated on our machines. Is there an easy way I can utilize JAMF (or even ARD?) to automatically update the MDM profile on all of our machines? We have ~200 Macs and I'm hoping we don't have to manually re-enroll them all.

Thank you in advance for any advice you can offer!


Contributor III

In my experience, you will need to re-enrol. I had it happen once, the warnings came in when I was on leave. Came back to chaos.
You might be able to get ARD to run the Jamf command line enrol command.

    Usage:   jamf enroll [-prompt | -invitation] [-noRecon] [-noManage]

         -prompt         Prompts for JSS and SSH credentials.
         -invitation     Uses an invitation ID for credentials instead of a user name and password.
         -noRecon        Stops enroll from acquiring inventory.
         -noManage       Stops enroll from enforcing the management framework.
         -noPolicy       Stops enroll from checking for enrollment policies.

But getting your credentials in there will be the hard bit.

Valued Contributor

It also depends on if they were DEP/ADE enrolled originally. If they were, the MDM profile may be non-removable and require a hands-on re-enrollment to rid the machine of the expired one. You'll either need to attempt to remove it with the jamf binary or inside the recovery partition.

Either way I see a pair of sneakers and running from person to person in your future.
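
The DEP/ADE distinction raised above can be checked per machine before deciding who needs a visit. The following is an added example, not code from any poster in this thread or from Jamf: it classifies the output of macOS's `profiles status -type enrollment`, assuming the `Enrolled via DEP:` and `MDM enrollment:` line labels that command prints on recent macOS releases. The category names and sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example: sort a Mac into "scripted re-enroll may work" or
# "plan a hands-on visit" based on how it was originally enrolled.

# classify_enrollment TEXT
# TEXT is the output of `profiles status -type enrollment`.
# Prints one hypothetical category name; labels are assumed, see lead-in.
classify_enrollment() {
    status_text=$1
    dep=$(printf '%s\n' "$status_text" |
          sed -n 's/^Enrolled via DEP:[[:space:]]*//p' | head -n 1)
    mdm=$(printf '%s\n' "$status_text" |
          sed -n 's/^MDM enrollment:[[:space:]]*//p' | head -n 1)

    # No MDM profile at all: nothing to remove, a fresh enroll is enough.
    case "$mdm" in
        Yes*) ;;
        No*)  echo "not-enrolled"; return 0 ;;
        *)    echo "unknown"; return 0 ;;
    esac

    # DEP/ADE enrollments may carry a non-removable MDM profile.
    case "$dep" in
        Yes*) echo "dep-hands-on-likely" ;;
        No*)  echo "user-initiated-scriptable" ;;
        *)    echo "unknown" ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DEP='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_MANUAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

# On a Mac, classify the live state; skipped where `profiles` is absent.
if command -v profiles >/dev/null 2>&1; then
    classify_enrollment "$(profiles status -type enrollment 2>/dev/null)"
fi
```

Run across the fleet (for example as an ARD UNIX command), the one-word result per machine gives a count of how many Macs fall into each group before anyone starts walking.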