

I have created a macOS command line tool called “tcscertrequest” that submits requests to a Microsoft Certificate Authority from the macOS command line. The request is sent the same way it would be sent from a Windows computer, so no modifications to the Windows infrastructure are required to work with the Mac. The history of the project is interesting, but if you just want to learn about the tool, skip down to The tcscertrequest Command Line Tool section below.

If you think you might be interested in using this tool, ping me on Twitter, the macadmins Slack channel #twocanoes-certrequest, or send us a message via our contact form on Twocanoes.

How the AD Certificate Profile got into macOS when I was at Apple and a new open source project called tcscertrequest

I worked at Apple in 2011 with enterprise customers to help them integrate Macs into their environments. The iPhone had really taken off, and there was a big push to use SCEP to get certificates for WiFi and other services that required digital certificates. Most large organizations, however, didn’t issue digital certificates via SCEP; they used the Microsoft Certificate Authority (MSCA) service in Windows Server. There was an add-on to the MSCA for SCEP (named NDES), but it was limited as NDES was generally used for routers / fixed devices renewing certificates. Configuration profiles were just coming to the Mac and the SCEP profile was included as one of the profiles available on the Mac. The problem was that it required large organizations to modify their MSCA to support SCEP, and it still didn’t get them the types of certificates they needed for 802.1X and any other services on the Mac that require certificate-based authentication.

But here’s the thing: There was something that did work to retrieve certificates and it was the Web CA component of MSCA. Using the Web CA meant turning on IIS / Web Services and giving web services access to the certificate authority. Enterprise environments resisted doing this because of security issues with web access. To top it off, a lot of the Web CA web pages only worked in IE 6, so it sometimes required upgrading Windows services to get it to work properly on the Mac. Instead of saying “the Mac just works” with certificates in these enterprise environments, IT had to do a bunch of infrastructure changes.

So that led me to ask some questions: How do Windows systems get certificates? Can the Mac get certificates the same way?

The answer to the first question was easily answered. Windows requests certificates via DCE/RPC.

Posted on Februby Timothy Perfitt - Certificates Updates How the AD Certificate Profile got into macOS when I was at Apple
