Files
apple_device-management/mdm/profiles/com.apple.security.certificaterevocation.yaml
T
2023-09-14 17:37:41 -04:00

43 lines
1.5 KiB
YAML

title: Certificate Revocation
description: Use this section to define settings for certificate revocation.
payload:
payloadtype: com.apple.security.certificaterevocation
supportedOS:
iOS:
introduced: '14.2'
multiple: true
supervised: false
allowmanualinstall: true
sharedipad:
mode: allowed
devicechannel: true
userchannel: false
userenrollment:
mode: allowed
content: Policies that affect system-wide certificate revocation checking.
payloadkeys:
- key: EnabledForCerts
title: Enabled Certs
type: <array>
presence: optional
content: |-
An array of certificates that the system checks for revocation.
Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA.
It is not necessary to specify trusted root certificates because they are implicitly specified. See <https://support.apple.com/en-us/HT209143> for the available trusted root certificates for Apple operating systems.
subkeys:
- key: SubjectPublicKeyInfoHashDict
type: <dictionary>
subkeys:
- key: Algorithm
type: <string>
presence: required
rangelist:
- sha256
content: The algorithm must be 'sha256'.
- key: Hash
type: <data>
presence: required
content: |-
The hash of the DER-encoding of the certificate's 'subjectPublicKeyInfo'.
The hash field requires the data ('subjectPublicKeyInfo' hash) in a specific format: a Base64 encoded (binary) SHA-256 hash of the certificate's public key.