Jamf Nation Community

JamfUser01 · Monday

I keep seeing the error message: "The Jamf Pro built-in certificate authority will expire soon." However, the certificate has already been renewed and doesn’t expire until 2034.
When I check the Built-in Certificate Authority section, I see a list of certificates that are due to expire this week, but I’m not sure what they relate to. This system was originally set up by someone else, and I can’t figure out why the error is still appearing even after renewal.
Any ideas on how to fix this? and TIA

AJPinto · Tuesday

You need to contact Jamf, if this is allowed to expire you will have a lot of problems.

If you are onprem my guess is the certificate you used to renew this is missing something.

JamfUser01 · Tuesday

Thanks, I've reaching out to jamf for assist.

Is it possible to identify which devices are associated with the expiring certificate? When I view the certificate, I can see the certificate subject, serial number, and expiry date, but I cannot determine which devices it is linked to. Some devices have been decommissioned, so I'm unsure whether it applies to those.

boberito · Tuesday

I'm in the same boat. We renewed the CA over the summer. It never cleared the warning.

snowfox · Tuesday

Is it possible to identify which devices are associated with the expiring certificate?

ALL of them. If you use the built-in certificate authority (as opposed to an external certificate authority), ALL enrolled devices use that certificate to install the 'MDM profile' and establish a trust relationship with the MDM server. If it expires, ALL enrolled devices will lose their trust relationship with the MDM server and will have to be enrolled again.

The built-in certificate authority is the master certificate of the MDM server. Every enrolled endpoint has it installed inside MDM.mobileconfig That's why it only expires once every 10 years.

In other words, if it expires, you will have a 'very bad day at work'.

My advice is to work with Jamf Technical Support to ensure that does not happen.