Skip to main content
Question

Auto-selecting client certificates for website in Safari

  • April 28, 2020
  • 5 replies
  • 57 views
E
Forum|alt.badge.img+3

Hey guys. I have a website we use that asks for a client certificate from the users. I'd like to auto-accept it in Safari and are pushing these custom settings with the SCEP certificate, but it wont work in Safari. We are using this documentation and it works for the TENANT.vmwareidentity.eu.

I can get Google Chrome to auto-select the certificate. This is the custom code that I'm pushing

<dict>
    <key>Name</key>
    <string>WEBSITE HERE</string>
    <key>PayloadCertificateUUID</key>
    <string>UUIDHERE</string>
    <key>PayloadUUID</key>
    <string>UUIDHERE</string>
    <key>PayloadType</key>
    <string>com.apple.security.identitypreference</string>
    <key>PayloadDisplayName</key>
    <string>Identity Pref</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadIdentifier</key>
    <string>com.apple.security.identitypreference</string>
</dict>

Any ideas, workarounds, etc. are greatly appreciated.

    5 replies

    P
    Forum|alt.badge.img+9
    • patgmac
    • New Contributor
    • April 28, 2020

    You shouldn't need a custom payload for this.

    You need to deploy another cert profile (at the user level!), and define the preference items to go along with it. It won't use an existing cert. This should result in having your identity preference added to the login keychain and associated with the new cert.

    E
    Forum|alt.badge.img+3
    • EmilDIT
    • Author
    • New Contributor
    • April 29, 2020

    Thanks for the reply! This is also what I'm during currently, and my profile looks like this:

    P
    Forum|alt.badge.img+9
    • patgmac
    • New Contributor
    • April 29, 2020

    I had opened an enterprise case when I was getting this setup. I can't find the note, but I seem to remember them specifically saying not to specify "https://" in the URL, just *.domain.com in my case.

    J
    Forum|alt.badge.img+7
    • jlombardo
    • Valued Contributor
    • September 30, 2022

    Have you been able to successfully doing this when authenticating to Office 365?  Would like the CA cert to be automatically selected if a user uses Safari. Adding an Identity Preference does not seem to work and the cert still has to get selected

    M
    Forum|alt.badge.img+4
    • Marvin_Alonso
    • New Contributor
    • March 1, 2024

    Hello all,

     

    Asking if anyone has been able to get this work. 

    Terms & ConditionsCookie settingsAccessibility statement