The payload that configures certificate revocation checking.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
Enabled Certs EnabledForCerts An array of certificates that the system checks for revocation.
Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA.
It's not necessary to specify trusted root certificates because they're implicitly specified. See [https://support.apple.com/en-us/HT209143](https://support.apple.com/en-us/HT209143) for the available trusted root certificates for Apple operating systems. 1 subkey | array | optional | — | ✓Yes | iOS (14.2+)visionOS (1.1+) |
└─ SubjectPublicKeyInfoHashDict SubjectPublicKeyInfoHashDict A dictionary of hashed public keys. 2 subkeys | dictionary | — | ✓Yes | iOS (14.2+)visionOS (1.1+) | |
└─ └─ Algorithm Algorithm The algorithm must be `sha256`. | string | required | — | ✓Yes | iOS (14.2+)visionOS (1.1+) |
└─ └─ Hash Hash The hash of the DER-encoding of the certificate's `subjectPublicKeyInfo`.
The hash field requires the data (`subjectPublicKeyInfo` hash) in a specific format: a Base64 encoded (binary) SHA-256 hash of the certificate's public key. | data | required | — | ✓Yes | iOS (14.2+)visionOS (1.1+) |
