Renewed certificate not updated in Trust Profile

Question

Level 1

5 points

Renewed certificate not updated in Trust Profile

Hello,

I'm running macOS server 10.12 which uses Profile Manager to provide settings and user authentication to around a dozen Macs. The server's certificate is generated through Lets Encrypt. The original certificate expired in December, and I renewed it and installed the new certificate in the Server app, and it shows up properly in the "Certificates" section.

However, the problem I have is that when the client Macs download the "Trust Profile" or device enrolment from <server>/mydevices, the profiles that are installed still show the old, expired certificate. How do I update the Trust Profile and device enrolment files to use the new renewed certificate?

Many thanks for any help,

Jolin

Posted on Feb 18, 2018 7:42 AM

Reply

Answer 1

Top-ranking reply

mscott_mdm

Level 2

459 points

Apr 4, 2018 11:51 AM in response to foes

Did you also make sure to select the new certificate to be used for Web in the Certificates pane of Server.app? If you did, you might try changing it to another certificate, saving, then changing it back.

As jaydisc mentioned, the actual SSL leaf certificate is never included in the trust profile.

Reply

Answer 2

jaydisc

Level 4

1,464 points

Mar 26, 2018 4:48 PM in response to foes

I'm pretty sure the Trust Profile is just:

1. The object signing certificate

2. The SCEP CA certificate

3. The OD root certificate

That's what mine includes. It DOES NOT include the certificate I'm using for HTTPS. I thought Let's Encrypt certificates were just for SSL of communications. I didn't think you could get Object Signing Certificates from Let's Encrypt (would be thrilled to be wrong!).

Reply

Renewed certificate not updated in Trust Profile

Similar questions