Certificate sharing for iOS

AntonThirifays · ‎10-26-2022

Hi,

We currently have three different profiles that distribute the same certificate on the device.

One is for wifi auth, one is for per-app VPN and the third one is for EAS access to Exchange.

Instead of having 3 different identical certificates we're considering having one profile that would only distribute said certificate and then other profile (wifi, per-app VPN etc) to call out to the certificate distributed by the profile and exploit it for needed services.

After liaising with VMWare it seems this is a GUI restriction from the console that does not allow it but it should be doable through custom settings. Except that, even though i see some data on this page https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates I do not know how I should proceed with this info or how to build a proper custom settings payload to do that.

Anybody already successfully implemented certificate sharing on iOS devices ?

Thanks,

Anton

psiwi1 · ‎11-01-2022

If you have your own Certificate Authorities (CA) you can configure them in UEM and create templates of the CA to use for those different profiles that you are mentioning. That way you are not deploying the whole chain in each profile.

AntonThirifays · ‎11-02-2022

Hello,

Yes we have our own CA, we distribute the roots and intermediates separately so that the per-app vpn profile, wifi profile etc only distribute the user / machine cert. We're already not deploying the whole chain.

The question here is how I can call out for a profile to use a specific profile distributed by another certificate

All

Certificate sharing for iOS