How to save user certificates for macOS provided by Intune via SCEP in user keychain instead of system keychain?

Behrmann, Martin 5 Reputation points
2023-02-12T22:07:05.3433333+00:00

In this article

https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep

there is the following statement:

Storage of certificates provisioned by SCEP:

  • macOS - Certificates you provision with SCEP are always placed in the system keychain (System store) of the device.

Why is that? How can one place the SCEP certificate in the user keychain, aka login keychain?

If a user-specific certificate is stored in the system keychain, any other user of the device could use that certificate and thus use a false identity.

There are other MDM tools which are able to place a SCEP certificate either in the system or the login keychain.

Microsoft Intune MacOs

2 answers

  1. Lefaux Olivier 0 Reputation points
    2023-07-25T13:53:59.21+00:00

    Hi,

    I met the same issue, but it is possible to set "Allow all apps access to private key" in the SCEP profile. This parameter permits passing through the access request to the system keychain when you launch VPN apps ...

    Regards, Olivier


  2. Lefaux Olivier 0 Reputation points
    2023-07-25T15:06:08.29+00:00

    Sorry, I don't know if it's possible.
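
The "Allow all apps access to private key" setting from the first answer widens who can use a key held in the system keychain, so it is worth auditing which profiles enable it. The script below is an added example, not part of the original thread or Microsoft's code: it assumes the Intune setting maps to Apple's `AllowAllAppsAccess` key in a `com.apple.security.scep` payload, that the profile is an unsigned XML `.mobileconfig`, and it uses a constructed sample profile with placeholder names and URL.

```python
import plistlib

# Constructed sample profile (not from the thread); names and URL are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.security.scep</string>
      <key>PayloadDisplayName</key><string>VPN user cert</string>
      <key>PayloadContent</key><dict>
        <key>URL</key><string>https://scep.example.invalid/certsrv</string>
        <key>AllowAllAppsAccess</key><true/>
      </dict>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.scep</string>
      <key>PayloadDisplayName</key><string>Wi-Fi cert</string>
      <key>PayloadContent</key><dict>
        <key>URL</key><string>https://scep.example.invalid/certsrv</string>
        <key>KeyIsExtractable</key><false/>
      </dict>
    </dict>
  </array>
</dict></plist>"""

def audit_scep_payloads(profile_bytes):
    """Return one finding dict per SCEP payload in a .mobileconfig plist."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.security.scep":
            continue  # skip Wi-Fi, VPN and other payload types
        content = payload.get("PayloadContent", {})
        findings.append({
            "name": payload.get("PayloadDisplayName", "<unnamed>"),
            # Apple's documented defaults: AllowAllAppsAccess=false, KeyIsExtractable=true
            "all_apps_access": bool(content.get("AllowAllAppsAccess", False)),
            "key_extractable": bool(content.get("KeyIsExtractable", True)),
        })
    return findings

if __name__ == "__main__":
    for f in audit_scep_payloads(SAMPLE_PROFILE):
        flags = [k for k in ("all_apps_access", "key_extractable") if f[k]]
        print(f"{f['name']}: {'REVIEW ' + ', '.join(flags) if flags else 'ok'}")
```

A payload flagged for `all_apps_access` means any process that can reach the system keychain item may use the private key without a per-app prompt, which is the exposure the question describes.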
