Certificates
Certificate policy lets you deploy server CA certificates, to secure and configure features such as, Wi-Fi, E-mail etc., in the managed devices. This policy lets you distribute certificates to mobile devices and ideally used to secure and validate network communications from the device to any internal/external website. By pushing certificates to device, you can secure access to networks/servers, secure e-mail communication etc., For example, you can deploy CA certificates to the managed devices, if your organization uses S/MIME to connect to a network/server. The certificates pushed to the device ensures the devices trusts the enterprise CA. This payload is supported for macOS, tvOS and iOS devices.
For scaleable and and simplified distribution of certificates in large organizations, you can configure Simple Certificate Enrollment Protocol(SCEP)
Profile Description
| Profile Specification | Description |
|---|---|
| Certificate File | The file to be pushed to the managed devices |
| Password | This optional parameter must be entered if the certificate is password protected |
| Allow/restrict Exporting the Associated Private Key from Keychain(Applicable only for .p12, .pfx) | Can be used to block Exporting the Private Key from the Keychain |
| Allow Third Party Apps to Access the Associated Private Key(Applicable only for .p12, .pfx) | Allows Third Party Apps to access the Private Key |
- The certificates are added only if the certificate files are not corrupt and the correct password is provided in case of password-protected certificates.
- On certificate expiry, upload the renewed certificate as a new certificate in the profile and then push it to the managed devices.