Push Certificate Replacments

New Contributor III

My push certificate is about to expire and I no longer have access to the account used to generate the original certificate. If I don't manage any mobile devices, will it be okay to replace the certificate? Will my machines automatically install/use the new certificate? Thanks.


Valued Contributor III

While you say you aren't dealing with mobile devices, I presume you are managing Macs...if you are managing Macs using the MDM framework, you will be affected by this. If you are using DEP-based enrollment, that gets worse.

Assuming you are not using DEP enrollment, you would not have to re-enroll the Macs but you would have to do run a script as root such as this one on each machine after you got a new push certificate uploaded:

jamf removeMDMProfile
rm -rf /var/db/ConfigurationProfiles
sleep 20
jamf mdm
sleep 20
jamf manage

Script shamelessly stolen from: https://www.jamf.com/jamf-nation/discussions/22545/how-to-have-jamf-re-add-mdm-profile