Files
apple_device-management/mdm/profiles/com.apple.security.certificaterevocation.yaml
Cyrus Daboo 97a11a861f Seed2
2026-06-22 15:55:19 -04:00

64 lines
2.0 KiB
YAML

title: Certificate Revocation
description: The payload that configures certificate revocation checking.
payload:
payloadtype: com.apple.security.certificaterevocation
supportedOS:
iOS:
introduced: '14.2'
multiple: true
supervised: false
allowmanualinstall: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: allowed
macOS:
introduced: n/a
tvOS:
introduced: n/a
visionOS:
introduced: '1.1'
multiple: true
supervised: false
allowmanualinstall: true
userenrollment:
mode: allowed
watchOS:
introduced: n/a
content: Policies that affect system-wide certificate revocation checking.
payloadkeys:
- key: EnabledForCerts
title: Enabled certs
type: <array>
presence: optional
content: |-
An array of certificates that the system checks for revocation.
Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA.
It's not necessary to specify trusted root certificates because they're implicitly specified. See [https://support.apple.com/en-us/HT209143](https://support.apple.com/en-us/HT209143) for the available trusted root certificates for Apple operating systems.
subkeys:
- key: SubjectPublicKeyInfoHashDict
type: <dictionary>
content: A dictionary of hashed public keys.
subkeys:
- key: Algorithm
type: <string>
presence: required
rangelist:
- sha256
content: The algorithm must be `sha256`.
- key: Hash
type: <data>
presence: required
content: |-
The hash of the DER-encoding of the certificate's `subjectPublicKeyInfo`.
The hash field requires the data (`subjectPublicKeyInfo` hash) in a specific format: a Base64 encoded (binary) SHA-256 hash of the certificate's public key.
examples:
- title: Profile example
files:
- file: examples/mdm/profiles/com.apple.security.certificaterevocation/example1.plist