removing Jamf Pro Built-in CA

New Contributor III

I'm in the process of migrating users from a company we just purchased to our JAMF instance... i can remove the MDM profiles using using the command: "sudo jamf removeMdmProfile && sudo jamf removeFramework" through a policy, but the Jamf Pro Built-in CA is still there after that...

I want to be able to remove the Cert remotely without revoking the cert from all users at once...

Anyone have suggestions?


Valued Contributor II

@rhernandez_hg Check out man security and search for delete-certificate.

Cool command! That looks very powerful. For me, it still wasn't letting me remove that final CA Cert and I got the error.

"Unable to delete certificate matching 'XYZ Certificate Authority'"

Contributor II

I actually had a similar issue with one of our Macs after we migrated to the cloud....
I couldn't manually delete the cert via the GUI or using the security command.
What I ended up doing was:
booted into recovery mode and ran the following in terminal:
chflags norestricted /V//L/Keyc/*
then rebooted, and could delete the CA from the System.keychain