I want Fleet to automatically renew the SCEP certificates installed on my hosts 180 days from expiration
so that my SCEP certificates don't expire when an end user goes on parental leave and thus, I don't have to turn on MDM again these macOS hosts.
Context
Requestor(s): @noahtalerman
Product designer: @noahtalerman
It looks like this is what Jamf does (from this doc):
Today, Fleet renews certificates 30 days from expiration:
15332
Changes
Product
[ ] 180 days before a host's SCEP cert expires, Fleet sends an InstallProfile command with an enrollment profile. This causes the SCEP certificate to be renewed.
If renewal fails, Fleet logs an error and tries again the next cron run.
[ ] UI changes: No UI changes.
[ ] CLI usage changes: No CLI changes.
[ ] REST API changes: No REST API changes.
[ ] Fleet's agent (fleetd) changes: No fleetd changes.
[ ] Permissions changes: No permissions changes.
[ ] Changes to paid features or tiers: No changes to paid features and tiers.
Engineering
[ ] Reference documentation changes: TODO
[ ] Usage documentation changes: TODO
[ ] Database schema migrations: TODO
[ ] Load testing: TODO
ℹ️ Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".
QA
Risk assessment
Requires load testing: TODO
Risk level: Low / High TODO
Risk description: TODO
Manual testing steps
Step 1
Step 2
Step 3
Testing notes
Confirmation
[ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
[ ] QA (@____): Added comment to user story confirming successful completion of QA.
Goal
Context
It looks like this is what Jamf does (from this doc):![Screenshot 2024-06-12 at 10 03 42 AM](https://github.com/fleetdm/fleet/assets/47070608/67470406-6ceb-4664-98ab-aef485dd89d7)
Today, Fleet renews certificates 30 days from expiration:
15332
Changes
Product
InstallProfile
command with an enrollment profile. This causes the SCEP certificate to be renewed.Engineering
QA
Risk assessment
Manual testing steps
Testing notes
Confirmation