<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
SCEP Profiles Not Pushed to macOS via JAMF if Expired and Certificate Name Exceeds 65 Characters
Apr 22, 2025
Okta Classic Engine
Devices and Mobility
Okta Identity Engine
Overview

When deploying the Okta certificate to macOS devices through JAMF, it might be necessary to configure JAMF with a SCEP profile expiration that re-issues the SCEP profile after a specific number of days. This will silently fail if the certificate/subject name exceeds 64 characters.

Applies To
  • Managed Devices
  • JAMF
  • Certificate deployment/renewal
Cause

This is an Active Directory limitation where Common Names must not exceed 64 characters, which prevents the SCEP profile distribution.

Solution

Update the certificate/subject name so that it is under 64 characters. 

Recommended content

Still looking for help?
Loading
SCEP Profiles Not Pushed to macOS via JAMF if Expired and Certificate Name Exceeds 65 Characters