fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Apple MDM client certificate missing subject #8175

Closed michalnicp closed 1 year ago

michalnicp commented 1 year ago

Fleet version: (head to the "My account" page in the Fleet UI or run fleetctl --version)

Operating system: (e.g. macOS 11.2.3)

Web browser: (e.g. Chrome 88.0.4324)


🧑‍💻  Expected behavior

The client certificate that gets issued to a device during MDM enrollment should have a proper subject name when viewed in the Keychain Access app. It should also get removed when unenrolling from MDM.

💥  Actual behavior

screenshot

The certificate is not removed after unenrolling from MDM

More info

Users may accidentally remove the certificate and key when they see an "Unknown" certificate with a warning. Removing it will cause the MDM client to stop working, effectively breaking MDM for that device.

I am not sure if the two issues are related. Create another issue if appropriate.

The client certificate should probably contain a subject with an Org and CommonName. The CommonName could be something useful like the device ID (UUID). The Org could be the same Org as in the certificate CA used to issue the certificate.

zhumo commented 1 year ago

Hey @michalnicp, Tomas and I broke this up into two issues (other one here: https://github.com/fleetdm/fleet/issues/8440) and linked them to the MDM epics.

roperzh commented 1 year ago

Seems like this was already fixed by @michalnicp in https://github.com/fleetdm/fleet/pull/8267