Posted on 05-21-2015 10:56 AM
Currently we have a Casper configuration policy that downloads the necessary certificates to get on our Wifi network at a user level.
Our certificates are expiring soon and we're looking for a way to have them auto-renew.
I've tried running a script using the profiles command, but it requires local admin access to import into the keychain. How have some of you handled renewing of certificates?
Posted on 05-21-2015 11:06 AM
Do it as a profile; you will probably find that much easier.
Posted on 05-21-2015 11:33 AM
I do have a configuration profile that triggers during the first login for the user. How would I configure the profile to activate again at login 2 before the cert expires?
Posted on 05-21-2015 11:35 AM
When you make changes to a configuration profile, it then asks you what machines you want to distribute it to. I would choose distribute to all.
Posted on 05-21-2015 11:51 AM
I tried making a change by adding "require a password" and then removing it to see if it would invoke a "distribute to all devices" prompt, but I'm not getting that message. It appears to just save.
I can edit another configuration profile and it'll give me the prompt to distribute to all devices or only new devices. Is there a setting I'm missing?
Posted on 05-21-2015 11:58 AM
@brandobot that won't trigger a change as the end profile is the same.
Have you a new cert? Add that & then you should be able to push.
Posted on 05-21-2015 01:03 PM
@bentoms not yet, but as soon as I get it, I will give it a try.
Thanks all!
Posted on 07-13-2016 05:15 AM
I've been trying to figure out how this is supposed to be done. We have AD Certs being issued with our 802.1x policy and when the certs get within 14 days of expiring a year later, users are notified that the cert is about to expire. When users go to System Preferences > Profiles and click on the 802.1x profile, there's an Update button they can click. The problem is that it doesn't actually RENEW the existing cert. It requests a new cert from our CA server. After it completes the "update", the computer then has 2 certificates named the same thing (the computer name). One that is expired and one that is new. Depending on what the user's actions are in their daily work, they may be prompted to choose which certificate to use but since both are named exactly the same, they don't know what to do. I end up having to go into Keychain Access to locate the expired cert and manually delete it.
Surely there's a better method of handling certificate renewals. Windows users don't have to deal with any of that garbage. The certs automatically renew and there's no confusion.
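The situation in the last post (an expired and a renewed certificate both named after the computer, with the stale one having to be found by hand in Keychain Access) can at least be spotted from a script before a user hits the "choose a certificate" dialog. The following is an added example, not code from the thread or from Jamf: it uses the real macOS `security find-certificate -a -p` and `openssl x509` commands to list the certificates in the login keychain, then reports which ones are expired, which fall inside the 14-day warning window the post mentions, and which names appear more than once. The function names, the 14-day default and the sample `openssl` output used for the offline check are all constructed for this example. It only reports; it does not delete anything from the keychain.

```python
"""Report expired, soon-to-expire and duplicated client certificates in a macOS keychain.

Hypothetical helper written for this thread. The `security` and `openssl` CLIs are
only invoked in keychain_certs(); everything else works on parsed values so it can
be exercised on the constructed sample below without a Mac.
"""
import re
import subprocess
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW_DAYS = 14  # the "about to expire" warning window described in the thread

# Constructed sample of what `openssl x509 -noout -subject -enddate` prints per cert.
SAMPLE_OPENSSL_OUTPUT = [
    "subject=CN = MAC-LAB-042\nnotAfter=Jun 30 23:59:59 2016 GMT\n",            # expired copy
    "subject=CN = MAC-LAB-042\nnotAfter=Jul 12 23:59:59 2017 GMT\n",            # renewed copy
    "subject=CN = MAC-LAB-017\nnotAfter=Jul 20 08:00:00 2016 GMT\n",            # inside the window
    "subject=C = US, CN = Corp Wifi Issuing CA\nnotAfter=Jan  1 00:00:00 2030 GMT\n",
]
NOW = datetime(2016, 7, 13, 9, 15, tzinfo=timezone.utc)  # constructed "today"


def parse_openssl_summary(text):
    """Parse the subject/notAfter lines from `openssl x509 -noout -subject -enddate`.
    Returns (common_name, not_after) with not_after as an aware UTC datetime.
    Handles both the 'CN = x' (OpenSSL 1.1+) and '/CN=x' (older) subject styles."""
    cn_match = re.search(r"CN\s*=\s*([^,/\n]+)", text)
    end_match = re.search(r"notAfter=(.+)", text)
    if not cn_match or not end_match:
        raise ValueError("unexpected openssl output: %r" % text)
    end_str = end_match.group(1).strip()
    if end_str.endswith(" GMT"):  # openssl always prints notAfter in GMT
        end_str = end_str[:-4]
    not_after = datetime.strptime(end_str, "%b %d %H:%M:%S %Y")
    return cn_match.group(1).strip(), not_after.replace(tzinfo=timezone.utc)


def classify(certs, now, window_days=RENEWAL_WINDOW_DAYS):
    """certs: list of (cn, not_after). Returns names that are expired, expiring within
    window_days, and names that occur more than once (the confusing-duplicate case)."""
    cutoff = now + timedelta(days=window_days)
    report = {"expired": [], "expiring": [], "duplicates": []}
    seen = {}
    for cn, not_after in certs:
        seen.setdefault(cn, []).append(not_after)
        if not_after <= now:
            report["expired"].append(cn)
        elif not_after <= cutoff:
            report["expiring"].append(cn)
    report["duplicates"] = sorted(cn for cn, ends in seen.items() if len(ends) > 1)
    return report


def stale_duplicates(certs, now):
    """For every name present more than once, return the copies that are not the
    newest one and are already expired: the certs a user would otherwise have to
    locate and remove by hand in Keychain Access."""
    newest = {}
    for cn, not_after in certs:
        newest[cn] = max(newest.get(cn, not_after), not_after)
    counts = {}
    for cn, _ in certs:
        counts[cn] = counts.get(cn, 0) + 1
    return [(cn, end) for cn, end in certs
            if counts[cn] > 1 and end < newest[cn] and end <= now]


def keychain_certs(keychain=None):
    """List certificates from the login (or given) keychain via `security`, and
    summarise each with `openssl`. macOS only; not exercised by the offline check."""
    cmd = ["security", "find-certificate", "-a", "-p"]
    if keychain:
        cmd.append(keychain)
    pem = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", pem, re.S)
    certs = []
    for block in blocks:
        summary = subprocess.run(["openssl", "x509", "-noout", "-subject", "-enddate"],
                                 input=block, check=True, capture_output=True, text=True).stdout
        certs.append(parse_openssl_summary(summary))
    return certs


if __name__ == "__main__":
    # Swap in keychain_certs() on a Mac; the constructed sample is used here.
    parsed = [parse_openssl_summary(s) for s in SAMPLE_OPENSSL_OUTPUT]
    now = datetime.now(timezone.utc) if False else NOW
    print(classify(parsed, now))
    for cn, end in stale_duplicates(parsed, now):
        print("stale duplicate: %s (expired %s)" % (cn, end.date()))
```

Run on a Mac with `parsed = keychain_certs()` in place of the sample to get the same report for the current user's login keychain; a Jamf extension attribute could return the `duplicates` list so affected machines can be scoped for cleanup rather than waiting for users to report the certificate-chooser dialog.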