Help

Renew profile on mac every year

wanoffski
New Contributor

2 weeks ago

We have profile witch push machine cert and wifi with tls. We need to push this profile very 6 months or year. How can i do it? i can store .mobileconfig on Mac i think but how can i install it via policy?

0 Kudos
Reply
4 REPLIES 4

sdagley
Esteemed Contributor II

2 weeks ago

@wanoffski You can edit your existing profile and redeploy it. You can't store a .mobileconfig on a Mac and then use a Policy to deploy it.

0 Kudos
Reply

wanoffski
New Contributor
In response to sdagley

2 weeks ago

i need to do it automatically. How can i deploy it via policy can you please give a hint?

0 Kudos
Reply

sdagley
Esteemed Contributor II
In response to wanoffski

2 weeks ago

You can't do it via a Policy, it has to be a re-push of the Configuration Profile via Jamf Pro. Where are you getting the machine cert from? If you're using the AD CS or Venafi integration capability of Jamf Pro you can configure the profile to automatically renew the certificate.

0 Kudos
Reply

AJPinto
Esteemed Contributor

2 weeks ago - last edited 2 weeks ago

As sdagley said you need to edit the configuration profile and redeploy it to update it on the devices, when you upload the new copy of the certificate each year this will deploy the new certificate. Unless you set up SCEP or an ADCS Connector you will need to manually do this. If you setup a SCEP server, or ADCS Connector and deploy those certificate payloads with Jamf they will auto renew without you ever needing to mess with the Configuration Profile or the device.

 

You cannot install a mobile config from CLI, and you cannot trust a certificate you add to the keychain from CLI. Certificates should always be deployed from a MDM. Even if you some how got the certificate in to the keychain, if it was not deployed in the same payload as the 802.1x network, macOS will not use that certificate to join the network.

0 Kudos
Reply