Skip to main content

FileVault2 Recovery Key Profile Shows as "Expired" on Jamf Now Managed Mac

Updated over 2 weeks ago

Description

FileVault 2 profiles for Jamf Now expire two years after installation on managed Macs. Jamf Now should renew the FileVault profile automatically by default.

If a managed Mac has an expired certificate for FileVault, follow the steps below to generate a new certificate.

Note: These steps will not impact any Macs that are already encrypted and/or have their key stored in Jamf Now.

Generating a new FileVault Certificate

  1. In Jamf Now, click Blueprints and select the blueprint that devices having this issue are assigned to.

  2. Click Security and uncheck the box for Enable FileVault.

  3. Click Save Changes.

  4. Recheck the box for Enable FileVault on the Security tab of the blueprint.

  5. Click Save Changes.

Once the Mac submits inventory to Jamf Now, it will receive the new FileVault profile pushed by Jamf Now.

More Resources

If a Mac impacted by this issue does not have the key stored in Jamf Now, you can always generate a new key following the steps in the Jamf Now documentation.

Did this answer your question?