New JSS server with new SSL certificate. Will it keep communication with my existing enrolled devices ?

bountyman
New Contributor III

Hello Nation,

Our existing Jamf Pro, running on Debian, has been running for almost 4 years. The self-signed SSL certificate was created using Keytool and expires in 2018.
I want to build a new Jamf Pro server (would replace our existing one) on CentOS, of course DNS and IP won't change. I will import our DB.
My question is the following:

We have 550 iPads and around 1500 MacOS laptops. By generating a new SSL self-signed certificate from the new Jamf Pro, will I lose communication with my devices ?

On my JSS-Test VM, If I generate a new self-signed certificate from Jamf Pro, I don't lose communication with my test iPad and test MBA.
On the other hand, If I manually create a self-signed certificate using Keytool (the way we build the current Prod Jamf Pro SSL certificate), it loses communication with my pre-enrolled test devices.
So as long as I don't use Keytool, it seems to be OK.

I reached out to our TAM, but he wasn't sure. I also talked to an engineer @JNUC, he told me it "should" be fine.
Any advice is appreciated. Thank you.

2 REPLIES 2

perrycj
Contributor III

In my experiences, as long as the URL is the same (or the SAN in the certificate).. you won't lose communication.

bountyman
New Contributor III

So you had success moving to a new JAMF Pro server while using a different SSL cert and still keeping communication with your devices ? Are you using self signed certs ?