Keychain & Certificate lockdown

New Contributor

Hi we are implementing our Casper solution at the moment, and our Security group has found an issue that they need us to resolve before going live.

When the macs join our network they are receiving our main domain certificates which in turn allow use of Lync by the users. However one attribute they are not gaining from the pc originating certs is that we need to ensure that they cannot be exported from the keychain. Does anyone know of a method to either disable export or put it under password control. I have looked elsewhere online but cant find a way to truly lock it down.

Many thanks for any help.


Honored Contributor II
Honored Contributor II


Most of the control is set when creating the certificate. You can give it a passphrase that can be deployed using a conf profile in Casper.

Valued Contributor

Why do you want to stop them from exporting the cert?

If the users have access to read the cert, then how do you prevent them from exporting it?