Removal of SCEP certificates off client machines

sixback
New Contributor

We have mac network clients who for some reason have more than one SCEP certificate version installed in their keychains after we pushed a SCEP package update out to them. The original cert is now invalid and we think it is causing authentication issues as it is being randomly selected and chosen when attempting to authenticate

We want to eliminate all currently installed SCEP certs and push out a new SCEP package with updated cert modifications that are compatible with macOS 10.15 and ios 10.13.

Is there a way to do this cert elimination through Jamf?

1 REPLY 1

merps
Contributor III

Here's what I would try first:
1. Create a new config profile with the desired SCEP configuration
2. Deploy new cert using config profile from above
3. Exclude devices from scope of the profiles that delivered the old certs.