The payload that configures Active Directory Certificate settings.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
| Certificate Server (`CertServer`): The fully qualified host name of the CA. | string | required | — | ✓ Yes | macOS (10.7+) |
| Certificate Template (`CertTemplate`): The certificate template for your environment. The default user certificate value is `User`. The default computer certificate value is `Machine`. | string | required | — | ✓ Yes | macOS (10.7+) |
| Description (`Description`): A user-friendly description of the certification identity. | string | optional | — | ✓ Yes | macOS (10.7+) |
| Certificate Renewal Time Interval (`CertificateRenewalTimeInterval`): The number of days in advance of certificate expiration that the notification center notifies the user. | integer | optional | — | ✓ Yes | macOS (10.7+) |
| Certificate Authority (`CertificateAuthority`): The name of the certificate authority (CA), which is determined from the common name (CN) of the Active Directory entry. Available in macOS 10.8 and later. Valid values: `CN=<your CA Name>`, `CN=Certification Authorities`, `CN=Public Key Services`, `CN=Services`, `CN=Configuration`, `CN=<your base Domain Name>` | string | optional | — | ✓ Yes | macOS (10.8+) |
| Certificate Acquisition Mechanism (`CertificateAcquisitionMechanism`): This value is most commonly `RPC`; if using web enrollment, use `HTTP`. Available in macOS 10.8 and later. | string | optional | — | ✓ Yes | macOS (10.8+) |
| Allow All Apps Access (`AllowAllAppsAccess`): If `true`, gives apps access to the private key. Available in macOS 10.10 and later. | boolean | optional | false | ✓ Yes | macOS (10.10+) |
| Prompt for Credentials (`PromptForCredentials`): If `true`, the system prompts the user for credentials when it installs the profile. This key applies only to user certificates with the Manual Download profile delivery method. Omit this key for computer certificates. Available in macOS 10.8 and later. | boolean | optional | false | ✓ Yes | macOS (10.8+) |
| Key Is Extractable (`KeyIsExtractable`): If `true`, the system allows exporting the private key. Available in macOS 10.10 and later. | boolean | optional | false | ✓ Yes | macOS (10.10+) |
| Key Size (`Keysize`): The RSA key size for the certificate signing request (CSR). Available in macOS 10.11 and later. | integer | optional | 2048 | ✓ Yes | macOS (10.11+) |
| Enable Auto Renewal (`EnableAutoRenewal`): If `true`, the certificate obtained with this payload attempts auto-renewal. Auto-renewal can only be used with device Active Directory certificate payloads. Available in macOS 10.13.4 and later. | boolean | optional | false | ✓ Yes | macOS (10.13.4+) |
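
The settings above that weaken private-key protection (`AllowAllAppsAccess`, `KeyIsExtractable`, a reduced `Keysize`) can be checked before a profile is deployed. The following is an added example, not part of the original reference: it audits a profile plist for those keys, for the two required keys, and for `PromptForCredentials` on a `Machine` template. The payload type string `com.apple.ADCertificate.managed`, the `PayloadContent`/`PayloadType` wrapper keys, the function names and the sample values are not stated on this page and are assumptions here.

```python
import plistlib

# Assumption: payload type identifier of the Active Directory Certificate payload.
AD_CERT_TYPE = "com.apple.ADCertificate.managed"

def audit_ad_cert_payloads(profile_bytes):
    """Return (payload index, key, message) findings for AD certificate payloads."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for i, p in enumerate(profile.get("PayloadContent", [])):
        if p.get("PayloadType") != AD_CERT_TYPE:
            continue
        for key in ("CertServer", "CertTemplate"):  # both marked "required" in the table
            if not p.get(key):
                findings.append((i, key, "required key missing or empty"))
        if p.get("AllowAllAppsAccess", False):      # default false
            findings.append((i, "AllowAllAppsAccess", "apps get access to the private key"))
        if p.get("KeyIsExtractable", False):        # default false
            findings.append((i, "KeyIsExtractable", "private key can be exported"))
        if p.get("Keysize", 2048) < 2048:           # default 2048
            findings.append((i, "Keysize", "RSA key smaller than the 2048-bit default"))
        # The table says to omit PromptForCredentials for computer certificates.
        if p.get("CertTemplate") == "Machine" and "PromptForCredentials" in p:
            findings.append((i, "PromptForCredentials", "omit for computer certificates"))
    return findings

def build_profile(*payloads):
    """Constructed sample profile for the demo; not taken from a real deployment."""
    content = [dict(PayloadType=AD_CERT_TYPE, **p) for p in payloads]
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})

# Constructed sample settings: a weak payload beside a corrected one.
WEAK = dict(CertServer="ca.example.com", CertTemplate="Machine",
            AllowAllAppsAccess=True, KeyIsExtractable=True, Keysize=1024,
            PromptForCredentials=True)
HARDENED = dict(CertServer="ca.example.com", CertTemplate="Machine",
                Keysize=2048, EnableAutoRenewal=True)

if __name__ == "__main__":
    for idx, key, msg in audit_ad_cert_payloads(build_profile(WEAK, HARDENED)):
        print(f"payload {idx}: {key}: {msg}")
```
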