Help

removing Jamf Pro Built-in CA

raphhyyy
New Contributor III

Posted on ‎03-19-2019 12:47 PM

I'm in the process of migrating users from a company we just purchased to our JAMF instance... i can remove the MDM profiles using using the command: "sudo jamf removeMdmProfile && sudo jamf removeFramework" through a policy, but the Jamf Pro Built-in CA is still there after that...

I want to be able to remove the Cert remotely without revoking the cert from all users at once...

Anyone have suggestions?

0 Kudos
Reply
3 REPLIES 3

dan-snelson
Valued Contributor II

Posted on ‎03-20-2019 10:30 AM

@rhernandez_hg Check out man security and search for delete-certificate.

0 Kudos
Reply

jonwolff
New Contributor
In response to dan-snelson

Posted on ‎03-09-2023 07:54 AM

Cool command! That looks very powerful. For me, it still wasn't letting me remove that final CA Cert and I got the error.

"Unable to delete certificate matching 'XYZ Certificate Authority'"
 
0 Kudos
Reply

tep
Contributor II

Posted on ‎03-20-2019 10:39 AM

I actually had a similar issue with one of our Macs after we migrated to the cloud....
I couldn't manually delete the cert via the GUI or using the security command.
What I ended up doing was:
booted into recovery mode and ran the following in terminal:
chflags norestricted /V//L/Keyc/*
then rebooted, and could delete the CA from the System.keychain

Reply