Posted on 05-22-2023 07:45 AM
Hello,
With the new certificate renewal procedure I had to reconnect directly to the Apple site which manages the certificates.
The problem is that the specific Apple ID we used for this when originally installing the product is now asking me for answers to the passphrases we lost. And therefore I cannot access the certificate management.
To work around this I used another Apple ID from our company to generate a new certificate.
But after installing it in our Jamf server, I notice that the push no longer works: in view of the logs, it comes from the certificate.
Is there a way to force Jamf and associated devices to use the new certificate from another Apple account?
If not, what is the procedure with Apple to recover the original account that managed the push certificate for our Jamf server?
Thanks in advance for your suggestions.
Regards
Stéphane
05-22-2023 09:14 AM - edited 05-22-2023 09:18 AM
Replacing the certificate with a different topic (e.g. using another Apple ID) will break MDM communication. By creating a new certificate, the trust is broken and re-enrollment is the only way to get them communicating again. Jamf would have warned against this when uploading as it checks for this before applying the new certificate.
Another admin posted a few weeks ago that something similar happened, and he was able to restore MDM communication with most of his fleet by re-applying the correct certificate.
If you cannot access the old account, contact Apple Support for assistance. I believe you have 30 days to renew an expired MDM Push Certificate.
If I can make a suggestion, storing credentials, recovery keys and security questions/answers in a secure password manager is essential for things like this.
I would definitely engage Jamf Support at this point too.
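The topic comparison described in the reply above can also be done by hand before a replacement certificate is uploaded. The script below is an added example, not Jamf's code and not part of the original posts; it assumes the APNs topic is the UID attribute of the push certificate's subject, and the two PEM file paths passed to it are placeholders.

```shell
#!/bin/sh
# Added example: compare the APNs topic of the current and the replacement
# MDM push certificate before uploading the replacement.
# Assumption: the topic is the UID attribute of the certificate subject.

# Extract the UID value from an openssl subject line. Handles the
# "/UID=x/CN=y", "UID = x, CN = y" and RFC 2253 "CN=y,UID=x" layouts.
topic_from_subject() {
    printf '%s\n' "$1" | sed -nE 's/.*UID ?= ?([^,/]+).*/\1/p'
}

# Read the subject of a PEM certificate file and print its topic.
cert_topic() {
    subject=$(openssl x509 -noout -subject -in "$1") || return 2
    topic_from_subject "$subject"
}

# Compare two topics: 0 = same, 1 = different, 2 = a topic is missing.
compare_topics() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

# check_renewal CURRENT.pem REPLACEMENT.pem (file names are placeholders)
check_renewal() {
    old=$(cert_topic "$1") || return 2
    new=$(cert_topic "$2") || return 2
    compare_topics "$old" "$new" && rc=0 || rc=$?
    case $rc in
        0) echo "OK: topic unchanged ($old)" ;;
        1) echo "STOP: topic changed ($old -> $new); devices would need re-enrollment" ;;
        *) echo "ERROR: no UID topic found in one of the certificates" ;;
    esac
    return $rc
}

# Run the check only when invoked with two certificate paths.
if [ "$#" -eq 2 ]; then
    check_renewal "$1" "$2"
fi
```

A non-zero exit status means the replacement should not be uploaded as it stands.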
Posted on 05-22-2023 07:47 AM
In addition:
We are on version 10.44.1-t1677509507 of Jamf Pro under RedHat.
Posted on 05-23-2023 07:49 AM
Hello,
With the telephone intervention of Apple support I was able to unblock the situation.
Regards
Stéphane