jamf pro and the annual renewal of certificates


Hi folks,

we have been using jamf pro for almost a year now and we now have to renew the certificates for the first time. does anyone have a link to instructions on what needs to be renewed and how exactly it is done? I’m not a certificate expert, just a guy who needs them from time to time. it would be great if we could get some input or benefit from your experiences on how you approach the topic annually.

Cheers and thank you




Valued Contributor

If you did them all at set up, then you willprobably need to look for...
Apple Push Certificate. in Settings / Global Management / Push Certificates. You will need to find the Account details that made the Cert with Apple. Replacing it is easy enough, instructions are provided. You download a copy of a cert from the JAMF, upload to Apple, Then download the new cert from Apple and upload it to JAMF.
You may have a VPP cert from ABM or ASM, You will need a new token for that. in Settings / Global Management / Volume Purchasing.
And finally in Settings / Global Management / PKI Certificates > Management Certificate Template, Download a copy of your CA cert, and open in Text Edit. You should see its expiry date listed, these can vary  as to how long they last for, a year to years, depending on how it was set up. Also Same place for any External CA certs too. I have not replaced either of these, our network team are on the case there, and they do it for me whenever it needs doing.


I think that is all of them. The Apple Push Cert - Never let it expire before you put a new one in place. That will be a bad day at work if you let that happen (The fix is to re-enroll everything). The Apple certs only last for one year, so you will need to be replacing it at 364 days or sooner, which means setting a reminder in time earlier each year.

If I missed any I am pretty sure someone will jump in and let you know.