The payload that configures certificate revocation checking.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
Enabled Certs EnabledForCerts An array of certificates that the system checks for revocation.
Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA.
It's not necessary to specify trusted root certificates because they're implicitly specified. See [https://support.apple.com/en-us/HT209143](https://support.apple.com/en-us/HT209143) for the available trusted root certificates for Apple operating systems. 1 subkey | array | optional | — | ✓Yes | iOS (14.2+)visionOS (1.1+) |
└─ SubjectPublicKeyInfoHashDict SubjectPublicKeyInfoHashDict A dictionary of hashed public keys. 2 subkeys | dictionary | — | ✓Yes | iOS (14.2+)visionOS (1.1+) | |
└─ └─ Algorithm Algorithm The algorithm must be `sha256`. | string | required | — | ✓Yes | iOS (14.2+)visionOS (1.1+) |
└─ └─ Hash Hash The hash of the DER-encoding of the certificate's `subjectPublicKeyInfo`.
The hash field requires the data (`subjectPublicKeyInfo` hash) in a specific format: a Base64 encoded (binary) SHA-256 hash of the certificate's public key. | data | required | — | ✓Yes | iOS (14.2+)visionOS (1.1+) |
Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.
com.apple.wifi.managed – Wi-Fi network configurationcom.apple.vpn.managed – VPN configurationcom.apple.applicationaccess – App and feature restrictionscom.apple.security.pkcs1 – Certificate (PKCS#1) payloadcom.apple.security.pkcs12 – Identity certificate (PKCS#12) payloadcom.apple.security.scep – SCEP certificate enrolmentcom.apple.mail.managed – Mail account configurationcom.apple.eas.account – Exchange ActiveSync accountcom.apple.MCX – Managed Client (macOS) preferencescom.apple.MCX.FileVault2 – FileVault 2 disk encryptioncom.apple.dock – macOS Dock configurationcom.apple.screensaver – Screensaver configurationcom.apple.loginwindow – macOS login window configurationcom.apple.systempolicy.managed – Gatekeeper / system policycom.apple.systempreferences – System Preferences pane restrictionscom.apple.SoftwareUpdate – Software update behaviourcom.apple.TCC.configuration-profile-policy – Privacy Preferences Policy Control (PPPC)com.apple.notificationsettings – Per-app notification settingscom.apple.webcontent-filter – Web content filtercom.apple.dnsSettings.managed – DNS settings (DoH / DoT)com.apple.relay.managed – Network relay configurationcom.apple.extensiblesso – Extensible Single Sign-Oncom.apple.configuration.passcode.settings – DDM: passcode policycom.apple.configuration.softwareupdate.enforcement.specific – DDM: enforced software updatecom.apple.configuration.services.configuration-files – DDM: service configuration filescom.apple.configuration.management.status-subscriptions – DDM: status subscriptionscom.apple.activation.simple – DDM: simple activation predicatecom.apple.management.organization-info – DDM: organization information