Revoking Venafi Certificates

Certificates issued from Jamf Pro using Venafi as a CA can be automatically revoked from computers and mobile devices. You can enable automatic certificate revocation while you are configuring Venafi as a CA in Jamf Pro or afterward. When automatic certificate revocation is enabled and scope has been defined in configuration profiles, Venafi certificates will be automatically revoked from computers or mobile devices when they fall out of scope.

  1. In Jamf Pro, click Settings in the top-right corner of the page.
  2. In the Global Management section, click PKI Certificates .
  3. Click View in the Manage CA column.
  4. Click Edit .
  5. Enable or disable automatic certificate revocation as needed (enabled by default).
  6. Click Save .

When viewing the list of Venafi certificates, revoked certificates will have a Status of "Inactive" and a State of "Revoked".

The Jamf Pro revocation service sends revocation requests either every 30 seconds or in batches of 100, depending on which constraint is met first. If there are less than 100 revocations, the revocation requests are sent 30 seconds after the first configuration profile is set to be removed. If there are 100 or more revocations, the first 100 revocation requests are sent immediately. Subsequent revocation requests are then immediately sent in groups of 100 or are deferred for 30 seconds if less than 100 remain.