Active Directory Certificate payload settings for Apple devices
You can use Active Directory Certificate settings for Mac computers enrolled in a mobile device management (MDM) solution. Use the Active Directory Certificate payload to set authentication information for Active Directory Certificate servers. Active Directory Certificate servers bind a user identity or device to a private key that is stored in a directory server. This payload lets the device or user use the stored key for service encryption and authentication.
To bind a Mac to Active Directory, see the Directory payload.
OS and channel
Supported enrollment types
The description of the certificate request.
Certificate server address
The IP address or fully qualified domain name (FQDN) of the certificate server.
The name of the certificate authority (the common name or CN attribute value of the directory entry at “CN=<your CA>,N=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,<your base DN>”
The name of the template.
Certificate expiration notification thread
The number of days before the certificate expires at which to begin showing the expiration notification.
RSA key size
The key size for the Certificate Signing Request (CSR).
Prompt for credentials
You can prompt users to enter their credentials.
Account user name and password
The user name and password credentials (optional for users and groups, unnecessary for devices and device groups).
Allow access to all apps
By default, only selected processes, such as Wi-Fi and VPN, can access this certificate. Enable this option to allow all apps to access this certificate.
Allow export from the Keychain
This allows the private key to be exported from the Keychain.
Allows the certificate to attempt an auto-renewal from the server.