We have a Network Configuration Profile with embedded certificate (for 802.1x WiFi authentication) on our Mac computers (Catalina/Big Sur/Monterey) deployed over the last 2 years.
Unfortunately, we now need to replace this Configuration Profile for 2 reasons:
- The embedded certificate is about to expire.
- We need to change a few settings in the profile (Proxy and Any Ethernet)
btw, the current and future Configuration Profile is set to "Make Available in Self Service".
What is the best way to implement this without a user losing their WiFi connection to our corporate network? (Unfortunately we have only one WiFi network!). It seems, this is not an easy task.
Would there also be an option to at least just replace the certificate via script without changing the Configuration Profile itself? e.g. deploy the new certificate via PKG and then install it into the system keychain using the security command.
Will this be automatically recognized by the existing WiFi settings (as long as the new certificate also has the same name, of course) or will the WiFi connection continue to use the old, expired certificate?
Another idea was to run a script, which would install the new Configuration Profile via the Self Service link (e.g. jamfselfservice://content?entity=configprofile&id=39&action=execute). This seems to work for INSTALLING a Configuration Profile, but not for REMOVING an existing one. Even if the button in Self Service shows "Remove", the same link will not remove it. If there would be a way to remove the old (existing) Configuration Profile by script, we maybe had a (not perfect) solution.