Posted on 10-22-2019 09:04 AM
We have mac network clients who for some reason have more than one SCEP certificate version installed in their keychains after we pushed a SCEP package update out to them. The original cert is now invalid and we think it is causing authentication issues as it is being randomly selected and chosen when attempting to authenticate
We want to eliminate all currently installed SCEP certs and push out a new SCEP package with updated cert modifications that are compatible with macOS 10.15 and ios 10.13.
Is there a way to do this cert elimination through Jamf?
Posted on 10-22-2019 01:11 PM
Here's what I would try first:
1. Create a new config profile with the desired SCEP configuration
2. Deploy new cert using config profile from above
3. Exclude devices from scope of the profiles that delivered the old certs.