Certificate policy lets you deploy server CA certificates to managed devices to secure and configure features such as Wi-Fi and e-mail. The policy distributes certificates to mobile devices and is ideally used to secure and validate network communications from the device to any internal or external website. By pushing certificates to a device, you can secure access to networks and servers, secure e-mail communication, and so on. For example, you can deploy CA certificates to the managed devices if your organization uses S/MIME to connect to a network/server. The certificates pushed to the device ensure that the device trusts the enterprise CA. This payload is supported for macOS, tvOS and iOS devices.

For scalable and simplified distribution of certificates in large organizations, you can configure Simple Certificate Enrollment Protocol (SCEP).

Profile Description

| Profile Specification | Description |
| --- | --- |
| Certificate File | The file to be pushed to the managed devices |
| Password | This optional parameter must be entered if the certificate is password protected |
| Private Key export from Keychain | Allows/Restricts exporting the Private Key from the Keychain |
| Third Party Apps accessing the Associated Private Key | Allows/Restricts Third Party Apps to access the Private Key |

  1. The certificates are added only if the certificate files are not corrupt and the correct password is provided in case of password-protected certificates.
  2. On certificate expiry, upload the renewed certificate as a new certificate in the profile and then push it to the managed devices.
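
The two notes above can be checked on the administrator's workstation before a file is uploaded. The following is an added example, not part of the MDM product: it assumes the OpenSSL command-line tool is installed, and the function name `check_cert` and the 30-day default warning window are hypothetical choices.

```shell
#!/bin/sh
# Added example, not part of the MDM product: pre-upload check of a certificate file.
# Usage:   check_cert FILE [PASSWORD] [WARN_DAYS]
# Returns: 0 = readable and not expiring within WARN_DAYS (default 30, an assumption)
#          1 = corrupt file, wrong password, or no certificate inside
#          2 = certificate expires within WARN_DAYS (or has already expired)
check_cert() {
    file=$1
    warn_days=${3:-30}
    # Hand the password over via the environment so it does not appear in `ps`.
    CERT_PW=${2-}
    export CERT_PW

    pem=$(mktemp) || return 1
    rc=0

    # Try PKCS#12 first, then PEM, then DER. -passin plus stdin from /dev/null
    # keeps openssl from prompting. For a bundle, the first certificate is checked.
    if { openssl pkcs12 -in "$file" -passin env:CERT_PW -nokeys -out "$pem" ||
         openssl x509 -in "$file" -passin env:CERT_PW -out "$pem" ||
         openssl x509 -inform DER -in "$file" -passin env:CERT_PW -out "$pem"
       } </dev/null 2>/dev/null &&
       end=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null)
    then
        echo "OK: $file parses, $end"
        # -checkend exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null; then
            echo "WARN: $file expires within $warn_days days; upload the renewed certificate"
            rc=2
        fi
    else
        echo "FAIL: $file is corrupt, empty, or the password is wrong"
        rc=1
    fi

    rm -f "$pem"
    unset CERT_PW
    return $rc
}
```
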
