Posted on 04-28-2020 03:41 AM
Hey guys. I have a website we use that asks for a client certificate from the users. I'd like to auto-accept it in Safari and are pushing these custom settings with the SCEP certificate, but it wont work in Safari. We are using this documentation and it works for the TENANT.vmwareidentity.eu.
I can get Google Chrome to auto-select the certificate. This is the custom code that I'm pushing
<dict> <key>Name</key> <string>WEBSITE HERE</string> <key>PayloadCertificateUUID</key> <string>UUIDHERE</string> <key>PayloadUUID</key> <string>UUIDHERE</string> <key>PayloadType</key> <string>com.apple.security.identitypreference</string> <key>PayloadDisplayName</key> <string>Identity Pref</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.apple.security.identitypreference</string> </dict>
Any ideas, workarounds, etc. are greatly appreciated.
Posted on 04-28-2020 08:28 AM
You shouldn't need a custom payload for this.
You need to deploy another cert profile (at the user level!), and define the preference items to go along with it. It won't use an existing cert. This should result in having your identity preference added to the login keychain and associated with the new cert.
Posted on 04-29-2020 01:51 AM
Thanks for the reply! This is also what I'm during currently, and my profile looks like this:
Posted on 04-29-2020 09:55 AM
I had opened an enterprise case when I was getting this setup. I can't find the note, but I seem to remember them specifically saying not to specify "https://" in the URL, just *.domain.com in my case.
Posted on 09-29-2022 08:19 PM
Have you been able to successfully doing this when authenticating to Office 365? Would like the CA cert to be automatically selected if a user uses Safari. Adding an Identity Preference does not seem to work and the cert still has to get selected