Certificate Distribution Using Configuration Profiles

You can issue Venafi certificates to computers and mobile devices using either the Certificate or SCEP payload within a Jamf Pro configuration profile. After the configuration profile is installed on the computers or mobile devices and the certificates are issued, you can redistribute or revoke the certificates from a device if it falls out of scope.

One method to control scope is to use an extension attribute. For example, if you create an extension attribute to indicate an end user's status, such as "active" or "inactive", you can configure scope so that all "inactive" users are out of scope. This will cause certificates on the computers or mobile devices associated with inactive end users to be automatically revoked.

For more information about extension attributes, see the following sections in the Jamf Pro Documentation:


When configuring the Wi-Fi payload in configuration profiles, Venafi certificates will not be displayed under "Trusted Certificates".