The following table lists common issues that you may encounter when integrating with Venafi using Jamf Pro and how to resolve them.
| Symptom | Explanation/Resolution |
|---|---|
The payload settings for the configuration profile scoped to the device are not applying to the certificates that are issued to the devices. | Venafi TPP has a CSR Generation setting that allows users to configure the policy to use "Service Generated CSR" or "User provided CSR". If you see settings on the payload that are not reflected on the issued certificate, verify that the Venafi TPP setting is set to "User provided CSR" in Venafi TPP. See screen shot for reference. |
The configuration profile and certificate have been removed from the device. The Jamf PKI Proxy logs show the certificate was revoked. In Jamf Pro, the certificate status is revoked, however the certificate is not revoked in Venafi TPP. | Ensure the certificate authority that is used for the policy supports certificate revocation. You may see a certificate revocation status similar to the Venafi TPP screen shot below: |