<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base

SCEP Profiles Not Pushed to macOS via JAMF if Expired and Certificate Name Exceeds 65 Characters

Last Updated:

Okta Classic Engine
Devices and Mobility
Okta Identity Engine

Overview

When deploying the Okta certificate to macOS devices through JAMF, it might be necessary to configure JAMF with a SCEP profile expiration that re-issues the SCEP profile after a specific number of days. This will silently fail if the certificate/subject name exceeds 64 characters.

Applies To

  • Managed Devices
  • JAMF
  • Certificate deployment/renewal

Cause

This is an Active Directory limitation where Common Names must not exceed 64 characters, which prevents the SCEP profile distribution.

Solution

Update the certificate/subject name so that it is under 64 characters. 

Recommended content

Still looking for help?
Loading
Okta Support - SCEP Profiles Not Pushed to macOS via JAMF if Expired and Certificate Name Exceeds 65 Characters