Hey guys. I have a website we use that asks for a client certificate from the users. I'd like to auto-accept it in Safari and am pushing these custom settings with the SCEP certificate, but it won't work in Safari. We are using this documentation and it works for the TENANT.vmwareidentity.eu.
I can get Google Chrome to auto-select the certificate. This is the custom code that I'm pushing:
<dict>
    <key>Name</key>
    <string>WEBSITE HERE</string>
    <key>PayloadCertificateUUID</key>
    <string>UUIDHERE</string>
    <key>PayloadUUID</key>
    <string>UUIDHERE</string>
    <key>PayloadType</key>
    <string>com.apple.security.identitypreference</string>
    <key>PayloadDisplayName</key>
    <string>Identity Pref</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadIdentifier</key>
    <string>com.apple.security.identitypreference</string>
</dict>
Any ideas, workarounds, etc. are greatly appreciated.
You shouldn't need a custom payload for this.
You need to deploy another cert profile (at the user level!), and define the preference items to go along with it. It won't use an existing cert. This should result in having your identity preference added to the login keychain and associated with the new cert.
I had opened an enterprise case when I was getting this set up. I can't find the note, but I seem to remember them specifically saying not to specify "https://" in the URL, just *.domain.com in my case.
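A pre-deployment check for the three points raised in the reply above (user-level profile, the preference tied to a certificate delivered in the same profile, no "https://" in the name), as an added example that is not part of the thread. The function names and sample UUIDs are constructed for illustration, the profile is assumed to be an unsigned .mobileconfig, and the scheme check follows what the reply recalls from its support case.

```python
import plistlib

# Payload types that deliver an identity (certificate plus private key).
IDENTITY_TYPES = {"com.apple.security.scep", "com.apple.security.pkcs12"}
PREF_TYPE = "com.apple.security.identitypreference"


def lint_profile(data):
    """Return a list of findings for an unsigned .mobileconfig (bytes)."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    findings = []
    # The reply says the certificate profile must be deployed at the user level.
    if profile.get("PayloadScope") != "User":
        findings.append("profile is not user-scoped (PayloadScope is not 'User')")
    for p in payloads:
        if p.get("PayloadType") != PREF_TYPE:
            continue
        name = p.get("Name", "")
        # The preference must reference an identity shipped in this same profile.
        if p.get("PayloadCertificateUUID") not in identities:
            findings.append(name + ": PayloadCertificateUUID matches no identity "
                            "payload in this profile")
        # Per the reply's recollection: host pattern only, no URL scheme.
        if "://" in name:
            findings.append(name + ": Name contains a URL scheme")
    return findings


def sample_profile(scope, cert_ref, name):
    """Constructed sample profile; UUIDs are made up and the SCEP payload is a stub."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadScope": scope,
        "PayloadContent": [
            {"PayloadType": "com.apple.security.scep",
             "PayloadUUID": "11111111-1111-1111-1111-111111111111"},
            {"PayloadType": PREF_TYPE,
             "PayloadUUID": "22222222-2222-2222-2222-222222222222",
             "PayloadCertificateUUID": cert_ref,
             "Name": name},
        ],
    })


if __name__ == "__main__":
    bad = sample_profile("System", "UUIDHERE", "https://www.domain.com")
    for finding in lint_profile(bad):
        print(finding)
```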
Have you been able to successfully do this when authenticating to Office 365? Would like the CA cert to be automatically selected if a user uses Safari. Adding an Identity Preference does not seem to work and the cert still has to get selected.