macOS
The following article describes how to deploy device and/or user certificates to macOS devices. The deployment of the SCEPman Root Certificate is mandatory. Afterward, you can deploy device certificates only, user certificates only, or both certificate types.
Please note that macOS enrols a separate client authentication certificate for each device configuration profile in which a SCEP profile is referenced, in addition to the actual SCEP certificate profile.
Root Certificate
The basis for deploying SCEP certificates is to trust the root certificate of SCEPman. Therefore, you have to download the CA Root certificate and deploy it as a Trusted certificate profile via Microsoft Intune:
Note that you have to assign the Trusted certificate profile and the SCEP profile to the same group. Otherwise, the Intune deployment might fail.
Device certificates
With our stated settings, we fulfill Apple's certificate requirements.
User Certificates
The following section shows how to deploy user certificates via an Intune certificate profile on devices running macOS 10.12 (or later).
Please note: Certificates provisioned through the SCEP protocol - regardless of the type (user or device) - are always placed in the system keychain (System store) of the device.
If a third-party application requires access to such a certificate (e.g. a third-party VPN client), the slider to Allow all apps access to private key in the keychain must be set to enabled.
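To confirm on a Mac that a SCEP certificate actually landed in the System keychain and chains to the deployed root, the following check can be used. It is an added example, not part of the SCEPman documentation or tooling; it assumes openssl is installed and that the root CA certificate is available as a PEM file (the script and file names are placeholders).

```sh
#!/bin/sh
# Added example (not SCEPman's own tooling). Assumes openssl is installed and
# the root CA file is PEM; convert a DER .cer with: openssl x509 -inform DER

# Strip the "subject=" / "issuer=" prefix so names compare across openssl builds.
dn() { openssl x509 -in "$1" -noout "$2" -nameopt RFC2253 2>/dev/null | sed 's/^[a-z]*= *//'; }

# count_issued_by ROOT_PEM BUNDLE_PEM
# Prints how many certificates in BUNDLE_PEM were issued by ROOT_PEM.
count_issued_by() {
    root=$1
    work=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate.
    awk -v dir="$work" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$2"
    root_dn=$(dn "$root" -subject)
    root_fp=$(openssl x509 -in "$root" -noout -fingerprint -sha256)
    count=0
    for cert in "$work"/cert*.pem; do
        [ -f "$cert" ] || continue
        fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null) || continue
        # The root itself may sit in the same keychain; it is not an issued cert.
        [ "$fp" = "$root_fp" ] && continue
        # Require both a matching issuer name and a valid signature chain.
        [ "$(dn "$cert" -issuer)" = "$root_dn" ] || continue
        if openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1; then
            openssl x509 -in "$cert" -noout -subject -enddate >&2
            count=$((count + 1))
        fi
    done
    rm -rf "$work"
    echo "$count"
}

# On a Mac: sh check-scep.sh root.pem   (script and file names are placeholders)
if [ "$#" -eq 1 ] && command -v security >/dev/null 2>&1; then
    dump=$(mktemp)
    security find-certificate -a -p /Library/Keychains/System.keychain > "$dump"
    echo "Issued by this root in the System keychain: $(count_issued_by "$1" "$dump")"
    rm -f "$dump"
fi
```

A count of 0 after the profiles report success usually points at the assignment or trust setup rather than at the keychain itself; the subject and expiry of each match are printed to stderr.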
Please follow the instructions in the Device certificates section above and note the following differences:
With our stated settings, we fulfill Apple's certificate requirements.