Hello,
we create at the moment certificates for SMIME via a configuration profile and selfservice only. This works fine, but a auto renew is not possible. So i played a little bit with the profiles. A automatic assigned configuration profile works perfect and the auto renew too. The only problem that i have with both of this solution that "creating / renew" a certificate overwrites automatic the current "expired / old" certificate. This is a big problem because in this case a old encrypted mail can not be opened because the old certificate and private key is missing.
Any ideas how can i change this to have the old / expired certificate in the keychain too with the new one?
We have a Jamf OnPrem System with a ADCS Connector and non AD Bounded Macs.