Auto-selecting client certificates for website in Safari

EmilDIT
New Contributor II

Hey guys. I have a website we use that asks for a client certificate from the users. I'd like to auto-accept it in Safari and am pushing these custom settings with the SCEP certificate, but it won't work in Safari. We are using this documentation and it works for the TENANT.vmwareidentity.eu.

I can get Google Chrome to auto-select the certificate. This is the custom code that I'm pushing

<dict>
    <key>Name</key>
    <string>WEBSITE HERE</string>
    <key>PayloadCertificateUUID</key>
    <string>UUIDHERE</string>
    <key>PayloadUUID</key>
    <string>UUIDHERE</string>
    <key>PayloadType</key>
    <string>com.apple.security.identitypreference</string>
    <key>PayloadDisplayName</key>
    <string>Identity Pref</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadIdentifier</key>
    <string>com.apple.security.identitypreference</string>
</dict>

Any ideas, workarounds, etc. are greatly appreciated.

5 REPLIES

patgmac
Contributor III

You shouldn't need a custom payload for this.

You need to deploy another cert profile (at the user level!), and define the preference items to go along with it. It won't use an existing cert. This should result in having your identity preference added to the login keychain and associated with the new cert.

EmilDIT
New Contributor II

Thanks for the reply! This is also what I'm doing currently, and my profile looks like this:

patgmac
Contributor III

I had opened an enterprise case when I was getting this set up. I can't find the note, but I seem to remember them specifically saying not to specify "https://" in the URL, just *.domain.com in my case.
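
Added example, not part of any post in this thread: a small Python check that an identity-preference payload points at a certificate payload shipped in the same profile, and that flags a Name carrying a URL scheme as the reply above recalls. The UUIDs, the sample profile and the set of certificate payload types are constructed assumptions.

```python
import plistlib

IDENTITY_PREF = "com.apple.security.identitypreference"
# Assumption: payload types treated as "delivers an identity" for this check.
CERT_TYPES = {"com.apple.security.scep", "com.apple.security.pkcs12"}
SCEP_UUID = "11111111-1111-4111-8111-111111111111"  # constructed
PREF_UUID = "22222222-2222-4222-8222-222222222222"  # constructed


def lint_profile(data: bytes) -> list[str]:
    """Return findings for every identity-preference payload in a profile."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    by_uuid = {p.get("PayloadUUID"): p for p in payloads}
    findings = []
    for p in payloads:
        if p.get("PayloadType") != IDENTITY_PREF:
            continue
        name = p.get("Name", "")
        ref = p.get("PayloadCertificateUUID")
        target = by_uuid.get(ref)
        if not name:
            findings.append("Name is empty: no site is bound to the identity")
        if "://" in name:
            # Based on the recollection in the thread, not on vendor documentation.
            findings.append(f"Name {name!r} has a URL scheme; thread suggests host pattern only")
        if ref == p.get("PayloadUUID"):
            findings.append("PayloadCertificateUUID equals the payload's own PayloadUUID")
        elif target is None:
            findings.append(f"PayloadCertificateUUID {ref!r} matches no payload in this profile")
        elif target.get("PayloadType") not in CERT_TYPES:
            findings.append(f"PayloadCertificateUUID points at {target.get('PayloadType')}")
    return findings


def build_sample(name: str, cert_ref: str) -> bytes:
    """Constructed profile: one SCEP payload plus one identity preference."""
    scep = {"PayloadType": "com.apple.security.scep", "PayloadUUID": SCEP_UUID}
    pref = {"PayloadType": IDENTITY_PREF, "PayloadUUID": PREF_UUID,
            "Name": name, "PayloadCertificateUUID": cert_ref}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [scep, pref]})


if __name__ == "__main__":
    for finding in lint_profile(build_sample("https://portal.example.com", PREF_UUID)):
        print("WARN:", finding)
```
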

jlombardo
Contributor

Have you been able to successfully do this when authenticating to Office 365? Would like the CA cert to be automatically selected if a user uses Safari. Adding an Identity Preference does not seem to work and the cert still has to get selected.

Marvin_Alonso
New Contributor

Hello all,

Asking if anyone has been able to get this to work.