10.7 mobileconfig profiles do not protect private keys

nkalister
Valued Contributor

Unless I've missed an available setting somewhere, it does not appear possible to make a private key non-exportable if the certificate containing it was installed from a mobileconfig profile.

This is a big problem for me- it means I can either keep the network up when users aren't logged in, or I can comply with my security requirements, but not both.

Anyone found a way to make a private key non-exportable when installed from a mobileconfig?

1 REPLY 1

nkalister
Valued Contributor

Bumpity bump