Certificate policy lets you deploy server CA certificates, to secure and configure features such as, Wi-Fi, E-mail etc., in the managed devices. This policy lets you distribute certificates to mobile devices and ideally used to secure and validate network communications from the device to any internal/external website. By pushing certificates to device, you can secure access to networks/servers, secure e-mail communication etc., For example, you can deploy CA certificates to the managed devices, if your organization uses S/MIME to connect to a network/server. The certificates pushed to the device ensures the devices trusts the enterprise CA. This payload is supported for macOS, tvOS and iOS devices.
For scaleable and and simplified distribution of certificates in large organizations, you can configure Simple Certificate Enrollment Protocol(SCEP)
|Certificate File||The file to be pushed to the managed devices|
|Password||This optional parameter must be entered if the certificate is password protected|
- The certificates are added only if the certificate files are not corrupt and the correct password is provided in case of password-protected certificates.
- On certificate expiry, upload the renewed certificate as a new certificate in the profile and then push it to the managed devices.