DigiCert's support for PKI Platform 8 is scheduled to end on 01 October 2025. If you are currently using PKI Platform 8, Jamf recommends planning out a transition to DigiCert ONE Trust LifeCycle Manager as soon as possible to ensure continued certificate management capabilities. For more information about this change, see the following documentation from DigiCert:
Transitioning certificate issuance from PKI Platform 8 to DigiCert® ONE
You can distribute Venafi certificates to computers and mobile devices using either the Certificate or SCEP payload within a Jamf Pro configuration profile. After the configuration profile is installed on the computers or mobile devices and the certificates are issued, you can redistribute or revoke the certificates from a device if it falls out of scope.
One method to control scope is to use an extension attribute. For example, if you create an extension attribute to indicate an end user's status, such as "active" or "inactive", you can configure scope so that all "inactive" users are out of scope. This will cause certificates on the computers or mobile devices associated with inactive end users to be automatically revoked.
For more information about extension attributes, see the following sections in the Jamf Pro Documentation:
When configuring the Wi-Fi payload in configuration profiles, Venafi certificates will not be displayed under "Trusted Certificates".