I've raised a ticket with JAMF on this, but some Jamf Nation...clarification... would be welcome.
On a JAMF instance there is a configuration profile setup for FileVault escrow.
The associated certificate in the configuration profile has expired.
JAMF support say to delete the cert and it will auto generate a new one.
Before this is actioned, does this sound correct?
Surely the cert here is used to decrypt the PRK that exists in the jamf database.
If you update the certificate will this not break it?
What is the ongoing impact of deploying this config profile with the outdated cert?
Ive seen something along these lines before and its ended up with a need to decrypt the Macs and redo FileVault.