krypted.com

Tiny Deathstars of Foulness

When you push a certificate out in a profile, the certificate is statically stored on a Mac. If you are delivering a certificate over the air and in a device profile that is seperate from the MDM payload then the Active Directory Certificate payload can enable automatic certificate renewals. You can enable automatic renewals with a defaults command (or manage the preference domain via MDM) using the following command:

defaults write /Library/Preferences/com.apple.mdm-client AutoRenewCertificatesEnabled -bool YES
Note: Because they’re already dymanic and all, SCEP payloads cannot be automatically renewed.

October 5th, 2017

Posted In: Mac OS X

Tags: , , , ,

  • Kamal Taynaz

    @krypted Hey was just looking at this and playing around with a test high sierra machine. Is the Domain com.apple.mdm-client ? or com.apple.mdmclient ?

    Thanks,