Help

CA expiring on some devices

pbenware1
Release Candidate Programs Tester

3 weeks ago

Hey All,

So, I was informed by Jamf Support that CA Cert on my JSS was expiring in a few short days.  It's not, which they confirmed.  It was renewed on time, and now does not expire until 2034.

However, it appears that some devices have not received the updated CA.  I don't have a grasp yet on how many, but its greater than 2.

My question- Is there a way to force devices to update the CA, via the JSS console or the API?

Does the "Renew MDM Profile" command also renew the CA cert on the device? Its not entirely clear from the documentation if Renewing MDM Profile also replaces the CA on the device as well.


Thanks

0 Kudos
2 REPLIES 2

AJPinto
Honored Contributor II

3 weeks ago

I don't think the CA Cert is needed unless you have an invalid SSL certificate for your Jamf Pro instance. 

0 Kudos

wlcasey
New Contributor III

3 weeks ago

If you push out the cert using a configuration profile your Macs will trust the new cert as soon as it's loaded. And the configuration profile can go out either automagically or via Self Service. Unless, I misunderstand your situation....?  

The old scripting methods don't work anymore because Apple tightened the rules.

Wayne

 

0 Kudos