Forum Discussion
SCEP and Trusted Root Certificate deployment for macOS
Howdy Folks,
I'm trying to deploy a Wi-Fi profile to a macOS device group. As the first step is to get the root certificate in place, I've exported the root cert from our CA and created a Trusted Certificate profile using that cert file.
The profile deployment status in the Intune portal shows successful, but when I try to verify this on the Mac through Keychain, the root certificate is not visible in "System Roots", which is probably the reason why I see the SCEP certificate as untrusted?
Has anyone done this successfully? Wondering what I might have missed here.
Appreciate any ideas!
Thank you
2 Replies
- Deleted
Hello manojviduranga
Welcome to the Microsoft community, my name is Recep. I'll be happy to help you today.
- Verify that you exported the root certificate in the correct format. macOS typically requires certificates to be in the PEM or DER format. Ensure that the exported certificate is in one of these formats.
- Open the exported certificate file and confirm that it contains the correct root certificate. Ensure that the root certificate is not expired, and all required fields are properly populated.
- On the macOS device, open "Keychain Access" and check the "System Roots" keychain. If the root certificate is not present, it might not have been installed correctly. Manually check the keychain for the presence of the root certificate.
If you are having issues, please follow the link below:
https://learn.microsoft.com/en-us/troubleshoot/mem/intune/certificates/ios-scep-failure-no-getcacaps
If I have answered your question, please mark your post as Solved
If you like my response, please give it a Like
Appreciate your Kudos! Proud to contribute! 🙂
- PascalCC (Copper Contributor)
Hello, did you find a solution? We have exactly the same issue in my company.
I tried to install our certificate with an Intune configuration profile or with a PKG followed by a script. The certificate is present but not trusted. If I use the same command line to install the certificate manually, then it is trusted.
I tried with a .cer and a .pem certificate file. Signature algorithm is SHA256RSA.
The command line used is:
security add-trusted-cert -d -r trustAsRoot -k "/Library/Keychains/System.keychain" "/Users/Shared/Certificat/<MYCERTIFICATE>"
Thank you for your answer.
Pascal
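
A read-only triage script for the checks discussed in this thread (export format, expiry, presence in the keychain, trust evaluation), added here as an example and not posted by any participant. It inspects the System keychain that the command above installs into; the helper names `cert_format` and `cert_sha1` and the script's usage are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Usage on a Mac: sh check-root.sh /path/to/root-cert
KEYCHAIN="/Library/Keychains/System.keychain"   # keychain named in the post's command

# Classify the export: PEM (text armor) or DER (binary, leading ASN.1 SEQUENCE tag 0x30).
# Only the first byte is checked for DER; a PEM-armored PKCS#7 bundle reports "unknown".
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif [ "$(head -c 1 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo DER
    else
        echo unknown
    fi
}

# SHA-1 fingerprint as bare uppercase hex, the form `security find-certificate -Z` prints.
cert_sha1() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha1 |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

main() {
    cert="$1"
    fmt=$(cert_format "$cert")
    echo "format: $fmt"
    [ "$fmt" = unknown ] && { echo "not a PEM/DER certificate" >&2; return 2; }

    # Subject and expiry date of the exported certificate.
    openssl x509 -in "$cert" -inform "$fmt" -noout -subject -enddate

    # Presence: is this exact certificate in the System keychain?
    sha1=$(cert_sha1 "$cert" "$fmt")
    if security find-certificate -a -Z "$KEYCHAIN" | grep -q "$sha1"; then
        echo "present in $KEYCHAIN"
    else
        echo "NOT present in $KEYCHAIN"
    fi

    # Trust: presence alone is not trust. Evaluate the cert, then list admin trust settings.
    security verify-cert -c "$cert" && echo "trust evaluation: OK" || echo "trust evaluation: FAILED"
    security dump-trust-settings -d
}

# Run only on macOS with an argument; elsewhere only the functions are defined.
if [ "$#" -ge 1 ] && [ "$(uname)" = Darwin ]; then main "$@"; fi
```

The System Roots keychain contains only the roots shipped with macOS, so a deployed root showing up under System instead is expected. A certificate that is present but fails the trust evaluation matches the "present but not trusted" symptom described above.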