During Onboard deployment testing, or when a user brings a new device onto the network, we may want to delete the old device/client certificates from ClearPass.
As a network admin you could do that manually, but you would want an automatic way to do it.
So the question arises: how can old certificates from previous enrollments of a device be deleted automatically on ClearPass?
From ClearPass 6.5 onwards, there is a new checkbox under the Onboard provisioning settings. If it is checked, old certificates from previous enrollments of a device are deleted automatically.
To configure this setting, navigate to CPPM > Guest > Onboard > Deployment and Provisioning > Provisioning Settings, select the provisioning profile, click Edit, open the General tab, and go to the "Action" section.
There is also an option to add a deletion delay. With a delay set, any duplicate certificates are deleted once the specified number of days has passed since device re-enrollment.