Enable Automatic Certificate Renewals In High Sierra

When you push a certificate out in a profile, the certificate is statically stored on a Mac. If you are delivering a certificate over the air, in a device profile that is separate from the MDM payload, then the Active Directory Certificate payload can enable automatic certificate renewals. You can enable automatic renewals with the following defaults command (or by managing the preference domain via MDM):

defaults write /Library/Preferences/com.apple.mdm-client AutoRenewCertificatesEnabled -bool YES

Note: Because they’re already dynamic and all, SCEP payloads cannot be automatically renewed.

One thought on “Enable Automatic Certificate Renewals In High Sierra”

  1. @krypted Hey, was just looking at this and playing around with a test High Sierra machine. Is the domain com.apple.mdm-client or com.apple.mdmclient?

