The macOS AD certificate policy allows admins to distribute certificates to devices in bulk, while leveraging the Active Directory credentials of Users. This simplifies certificate association, while ensuring the devices are secured.
The following details need to be provided, to configure an AD certificate policy:
Information about the Certificate Authority, certificate renewal, and similar details concerning the certificate need to be obtained from the Vendor itself. MDM will then use these details to simplify certificate management using the policy.
|Server URL||Specify the URL of the Certificate Authority from where the certificate is purchased or obtained.|
|CA Name||Specify the name of the Certificate Authority. Ex: DigiCert|
|Certificate template name||Provide any name for the template that MDM will assign this policy to. Ex: Sales template 1|
|Interval to renew certificates||Enter the number of days after which the certificate has to be renewed. Negative values are not supported.|
|Certificate key size||Select between 2048 and 4096 sizes for the Certificate's key. To verify details about the certificate's key size, check the details provided on the certificate. For more information about the certificate, contact the Vendor/CA.|
|Extract certificate key||Select if the certificate key needs to be extracted after it is associated with the device.|
- The certificates are added only if the certificate files are not corrupt and the correct password is provided in case of password-protected certificates.
- On certificate expiry, upload the renewed certificate as a new certificate in the profile and then push it to the managed devices.