Certificates - Mac deployment


What is the best practice regarding deployment of certificates. I have about 200 mac in a typical windows environment with 5000 PC´s .
So there is root certificates and are also running office 365 where there seems to be some certificates, as outlook often prompts for certificates on mac

Is the best way to deploy them through server app and configuration profiles or is there any option to get this running through different ways ?. Looking for some guides describing it more detailed


Contributor II

If they're just root certs (or the same cert for all computers) then config profiles are the way to go.

If you need individual certs then config profiles using SCEP.

Valued Contributor III

I personally deploy them with scripts. Simply echo the cert out to a file and then import it with whatever trust settings you'd like. More control than you get with profiles, and there has been at least one instance in the past where after a macOS update, it wasn't properly handling the chain of trust with profile certs which broke wifi auth.

For AD certs, I use a profile.