Renewing a Venafi Certificate

The certificate renewal process differs depending on which payload is used to issue the certificate:

Certificate payload —
The automatic certificate renewal process runs every six hours on only the primary node. Jamf Pro automatically redistributes the certificates via a configuration profile 10 days before the certificate expires. If these default settings do not meet your needs, contact Jamf Support.
SCEP payload —
To renew SCEP-issued certificates, select the Redistribute Profile field in the SCEP payload of the configuration profile. This option enables the configuration profile to be redistributed automatically when its SCEP-issued certificate is the specified number of days from expiring.

You can manually redistribute the configuration profile associated with the certificate by editing and saving the profile in Jamf Pro (you do not actually need to make any changes to the profile). Redistributing the configuration profile will issue a new certificate to the devices that are in the configuration profile's scope.

In Jamf Pro, click Settings in the sidebar.
In the Global section, click PKI certificates .
In the row for the CA containing the certificate you want to redistribute, click the number in the Expiring, Active, Inactive, or All column to view a list of the certificates.
Click the certificate in the Certificate Subject column you want to renew.
At the bottom of the page, click the configuration profile that is associated with the certificate.
Click Edit .
Note:
You do not need to make any changes to the configuration profile.
Click Save .
On the Redistribution Options pane, click Distribute to All.

The configuration profile is redistributed to all computers or mobile devices that are in scope the next time the devices check in to Jamf Pro.