Certificate (PKCS #12) (com.apple.security.pkcs12)

com.apple.security.pkcs12

The payload that configures a PKCS #12-formatted certificate.

iOS(4.0)macOS(10.7)tvOS(9.0)visionOS(1.0)watchOS(3.0)
Branch: release

Settings (5)

SettingTypeRequiredDefaultManual InstallSupported OS
Payload Certificate Filename
PayloadCertificateFileName
The file name of the enclosed certificate.
stringoptional
Yes
iOS (4.0+)macOS (10.7+)tvOS (9.0+)visionOS (1.0+)watchOS (3.0+)
Payload Certificate Data
PayloadContent
The binary representation of the payload, encoded in Base64.
datarequired
Yes
iOS (4.0+)macOS (10.7+)tvOS (9.0+)visionOS (1.0+)watchOS (3.0+)
Password
Password
The password to the identity.
stringoptional
Yes
iOS (4.0+)macOS (10.7+)tvOS (9.0+)visionOS (1.0+)watchOS (3.0+)
Allow All Apps Access
AllowAllAppsAccess
If `true`, the system allows apps access to the private key. Available in macOS 10.10 and later.
booleanoptionalfalse
Yes
macOS (10.10+)
KeyIsExtractable
KeyIsExtractable
If `false`, the system doesn't tag the private key data as extractable in the keychain.
booleanoptionaltrue
Yes
macOS (10.15+)

Apple MDM & DDM Policy Explorer

Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.

Reference: policy categories & common keys

Policy categories

  • Configuration Profile
  • Declarative Configuration
  • Declarative Activation
  • Declarative Asset
  • Declarative Management

Common policy keys

  • com.apple.wifi.managedWi-Fi network configuration
  • com.apple.vpn.managedVPN configuration
  • com.apple.applicationaccessApp and feature restrictions
  • com.apple.security.pkcs1Certificate (PKCS#1) payload
  • com.apple.security.pkcs12Identity certificate (PKCS#12) payload
  • com.apple.security.scepSCEP certificate enrolment
  • com.apple.mail.managedMail account configuration
  • com.apple.eas.accountExchange ActiveSync account
  • com.apple.MCXManaged Client (macOS) preferences
  • com.apple.MCX.FileVault2FileVault 2 disk encryption
  • com.apple.dockmacOS Dock configuration
  • com.apple.screensaverScreensaver configuration
  • com.apple.loginwindowmacOS login window configuration
  • com.apple.systempolicy.managedGatekeeper / system policy
  • com.apple.systempreferencesSystem Preferences pane restrictions
  • com.apple.SoftwareUpdateSoftware update behaviour
  • com.apple.TCC.configuration-profile-policyPrivacy Preferences Policy Control (PPPC)
  • com.apple.notificationsettingsPer-app notification settings
  • com.apple.webcontent-filterWeb content filter
  • com.apple.dnsSettings.managedDNS settings (DoH / DoT)
  • com.apple.relay.managedNetwork relay configuration
  • com.apple.extensiblessoExtensible Single Sign-On
  • com.apple.configuration.passcode.settingsDDM: passcode policy
  • com.apple.configuration.softwareupdate.enforcement.specificDDM: enforced software update
  • com.apple.configuration.services.configuration-filesDDM: service configuration files
  • com.apple.configuration.management.status-subscriptionsDDM: status subscriptions
  • com.apple.activation.simpleDDM: simple activation predicate
  • com.apple.management.organization-infoDDM: organization information