Starting in January 2022, this feature of Configuration Manager is deprecated. For more information, see Mac computers.

Follow these steps to make sure that you're ready to deploy the Configuration Manager client to Mac computers.

For the list of supported versions, see Supported operating systems for clients and devices.

Certificate requirements

Client installation and management for Mac computers requires public key infrastructure (PKI) certificates. PKI certificates secure the communication between the Mac computers and the Configuration Manager site by using mutual authentication and encrypted data transfers. Configuration Manager can request and install a user client certificate. It uses Certificate Services with an enterprise certification authority, and the Configuration Manager enrollment point and enrollment proxy point. You can also request and install a computer certificate independently from Configuration Manager. This certificate must meet the Configuration Manager certificate requirements.

Configuration Manager Mac clients always check for certificate revocation. If Mac clients can't locate the certificate revocation list (CRL), they can't connect to Configuration Manager site systems. Especially for Mac clients in a different forest to the issuing certification authority, check your CRL design. Make sure that Mac clients can locate and download a CRL.

Before you install the Configuration Manager client on a Mac computer, decide how to install the client certificate:

- Use Configuration Manager enrollment by using the CMEnroll tool. The enrollment process doesn't support automatic certificate renewal. Re-enroll Mac computers before the certificate expires.
- Use a certificate request and installation method that's independent from Configuration Manager.

For more information about Mac client certificate requirements, see PKI certificate requirements for Configuration Manager.

Mac clients are automatically assigned to the Configuration Manager site that manages them. Mac clients install as internet-only clients, even if communication is restricted to the intranet. This configuration means that they communicate with internet-enabled management points and distribution points in their assigned site. Mac computers don't communicate with site systems outside their assigned site.

The Configuration Manager client for macOS can't be used to connect to a management point that's configured to use a database replica.

Deploy a web server certificate to site system servers

If these site systems don't have it, deploy a web server certificate to the computers that have these site system roles:

The web server certificate must include the internet FQDN that's specified in the site system properties. The server doesn't have to be accessible from the internet to support Mac computers. If you don't require internet-based client management, you can specify the intranet FQDN value for the internet FQDN.

Specify the site system's internet FQDN value in the web server certificate for the management point, the distribution point, and the enrollment proxy point.

For more information about an example deployment, see Deploying the web server certificate for site systems that run IIS.

Deploy a client authentication certificate to site system servers

If these site systems don't have it, deploy a client authentication certificate to the computers that host these site system roles:

For an example deployment that creates and installs the client certificate for management points, see Deploying the client certificate for Windows computers.

For an example deployment that creates and installs the client certificate for distribution points, see Deploying the client certificate for distribution points.

To deploy the client to devices running macOS Sierra, the subject name of the management point certificate must be configured correctly. For example, use the FQDN of the management point server.

Prepare the client certificate template for Macs

The certificate template must have Read and Enroll permissions for the user account that enrolls the certificate on the Mac computer.

For more information, see Deploying the client certificate for Mac computers.
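
An added example, not part of the original page or of Configuration Manager: a Python check, run over the text output of `openssl x509 -noout -text`, for two of the requirements on this page (the internet FQDN in the web server certificate, and a CRL location that Mac clients can find). The sample certificate text, the host names, and the rule that only HTTP(S) CRL URLs count as locatable from outside the CA's forest are assumptions.

```python
import re

# Constructed sample: excerpt of `openssl x509 -noout -text` output for a
# hypothetical management point certificate (all names are placeholders).
SAMPLE_CERT_TEXT = """\
        Subject: CN = mp01.corp.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mp01.corp.example.com, DNS:MP01
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:ldap:///CN=Example-CA,CN=CDP,DC=corp,DC=example,DC=com
                Full Name:
                  URI:http://pki.example.com/crl/Example-CA.crl
"""


def san_dns_names(cert_text):
    """Return the lower-cased DNS entries of the Subject Alternative Name."""
    m = re.search(r"Subject Alternative Name:[^\n]*\n\s*(.+)", cert_text)
    if not m:
        return []
    entries = [e.strip() for e in m.group(1).split(",")]
    return [e[4:].lower() for e in entries if e.startswith("DNS:")]


def crl_uris(cert_text):
    """Return the URIs listed under the CRL Distribution Points extension."""
    _, _, rest = cert_text.partition("CRL Distribution Points:")
    uris = []
    for line in rest.splitlines():
        line = line.strip()
        if line.startswith("URI:"):
            uris.append(line[4:])
        elif line and line != "Full Name:":
            break  # reached the next extension
    return uris


def check_site_system_cert(cert_text, internet_fqdn):
    """Check the FQDN and CRL requirements for one site system certificate."""
    uris = crl_uris(cert_text)
    # Assumption: a Mac in another forest can only fetch HTTP(S) CRL URLs.
    http_uris = [u for u in uris if u.lower().startswith(("http://", "https://"))]
    return {
        "fqdn_in_san": internet_fqdn.lower() in san_dns_names(cert_text),
        "crl_uris": uris,
        "http_crl_uris": http_uris,
        "crl_locatable_off_domain": bool(http_uris),
    }
```

To use it on a real certificate, pass the saved output of `openssl x509 -in cert.pem -noout -text` as `cert_text` and the internet FQDN from the site system properties as `internet_fqdn`.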