Certificate Revocation (com.apple.security.certificaterevocation)

com.apple.security.certificaterevocation

The payload that configures certificate revocation checking.

iOS(14.2)visionOS(1.1)
Branch: release

Settings (4)

SettingTypeRequiredDefaultManual InstallSupported OS
Enabled Certs
EnabledForCerts
An array of certificates that the system checks for revocation. Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA. It's not necessary to specify trusted root certificates because they're implicitly specified. See [https://support.apple.com/en-us/HT209143](https://support.apple.com/en-us/HT209143) for the available trusted root certificates for Apple operating systems.
1 subkey
arrayoptional
Yes
iOS (14.2+)visionOS (1.1+)
└─
SubjectPublicKeyInfoHashDict
SubjectPublicKeyInfoHashDict
A dictionary of hashed public keys.
2 subkeys
dictionary
Yes
iOS (14.2+)visionOS (1.1+)
└─ └─
Algorithm
Algorithm
The algorithm must be `sha256`.
stringrequired
Yes
iOS (14.2+)visionOS (1.1+)
└─ └─
Hash
Hash
The hash of the DER-encoding of the certificate's `subjectPublicKeyInfo`. The hash field requires the data (`subjectPublicKeyInfo` hash) in a specific format: a Base64 encoded (binary) SHA-256 hash of the certificate's public key.
datarequired
Yes
iOS (14.2+)visionOS (1.1+)

Apple MDM & DDM Policy Explorer

Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.

Reference: policy categories & common keys

Policy categories

  • Configuration Profile
  • Declarative Configuration
  • Declarative Activation
  • Declarative Asset
  • Declarative Management

Common policy keys

  • com.apple.wifi.managedWi-Fi network configuration
  • com.apple.vpn.managedVPN configuration
  • com.apple.applicationaccessApp and feature restrictions
  • com.apple.security.pkcs1Certificate (PKCS#1) payload
  • com.apple.security.pkcs12Identity certificate (PKCS#12) payload
  • com.apple.security.scepSCEP certificate enrolment
  • com.apple.mail.managedMail account configuration
  • com.apple.eas.accountExchange ActiveSync account
  • com.apple.MCXManaged Client (macOS) preferences
  • com.apple.MCX.FileVault2FileVault 2 disk encryption
  • com.apple.dockmacOS Dock configuration
  • com.apple.screensaverScreensaver configuration
  • com.apple.loginwindowmacOS login window configuration
  • com.apple.systempolicy.managedGatekeeper / system policy
  • com.apple.systempreferencesSystem Preferences pane restrictions
  • com.apple.SoftwareUpdateSoftware update behaviour
  • com.apple.TCC.configuration-profile-policyPrivacy Preferences Policy Control (PPPC)
  • com.apple.notificationsettingsPer-app notification settings
  • com.apple.webcontent-filterWeb content filter
  • com.apple.dnsSettings.managedDNS settings (DoH / DoT)
  • com.apple.relay.managedNetwork relay configuration
  • com.apple.extensiblessoExtensible Single Sign-On
  • com.apple.configuration.passcode.settingsDDM: passcode policy
  • com.apple.configuration.softwareupdate.enforcement.specificDDM: enforced software update
  • com.apple.configuration.services.configuration-filesDDM: service configuration files
  • com.apple.configuration.management.status-subscriptionsDDM: status subscriptions
  • com.apple.activation.simpleDDM: simple activation predicate
  • com.apple.management.organization-infoDDM: organization information