- Renewing the built-in CA may affect integrations that use the built-in CA itself or certificates created from a CSR that was signed by the CA. These certificates may need to be re-issued. The affected integrations may include:
- HTTPS file share distribution point configuration
- Signing custom configuration profiles
- SCCM (System Center Configuration Manager) plug-in
- Automated Device Enrollment token from Apple Business Manager or Apple School Manager
- When Apple Education Support is enabled in your environment, renewing the built-in CA causes existing EDU profiles to be redistributed. This may increase network traffic.
After the built-in CA is renewed, all active certificates issued by the built-in CA will automatically renew. To view the expiration date of a specific certificate, navigate to , and then click the number displayed in the All column.
Automatic renewal of MDM profiles is controlled by the MDM Profile Settings in Jamf Pro. By default, after the built-in CA is renewed, the MDM profile and the device identity certificate will renew the next time an MDM command is issued or the next time the computer or mobile device checks in to Jamf Pro. For more information, see MDM Profile Settings in the Jamf Pro Documentation.