Revoking Venafi Certificates
Certificates issued using Venafi as a PKI Provider can be automatically revoked from computers and mobile devices. You can enable automatic certificate revocation for your Venafi integration. When automatic certificate revocation is enabled and scope has been defined in configuration profiles, certificates will be automatically revoked from computers or mobile devices when they fall out of scope. Automatic certificate revocation is enabled by default.
-
Log in to Jamf Pro.
-
In the top-right corner of the page, click Settings .
-
Click Global Management.
-
Click PKI Certificates .
-
Click View in the Manage CA column.
-
Click Edit.
-
The Enable checkbox for Automatic Certificate Revocation is selected by default. To disable automatic certificate revocation, deselect Enable.
-
Click Save.
When viewing the list of certificates issued by Venafi in Jamf Pro, revoked certificates will have a Status of "Inactive" and a State of "Revoked".
The Jamf Pro revocation service sends revocation requests either every 30 seconds or in batches of 100, depending on which constraint is met first. If there are less than 100 revocations, the revocation requests are sent 30 seconds after the first configuration profile is set to be removed. If there are 100 or more revocations, the first 100 revocation requests are sent immediately. Subsequent revocation requests are then immediately sent in groups of 100 or are deferred for 30 seconds if less than 100 remain.