Device Cert on MAC

Learning 1 Reputation point
2022-03-17T03:31:52.39+00:00

We have some issues with our Macs and need some insight from anyone here in the forum, please.

We use PKI issued certs for client device access to apps via Azure AD Conditional Access rules, and to AnyConnect client VPN. For both of these use cases the auth is leveraging the User issued certificates.

At the same time while we issue User certificates, we also issue Device certificates to all endpoints. Our Macs have an issue with having both device and user cert, so we are considering no longer issuing device certs and only issuing user certs.

Can someone please provide any thoughts on this proposal, potential issues if devices no longer have device and only user certs, and anything it may impact?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Windows for business | Windows Server | Devices and deployment | Configure application groups

1 answer

  1. Limitless Technology 39,926 Reputation points
    2022-03-17T09:20:42.903+00:00

    Hello @Learning

    First of all, I would like to recommend the following article to troubleshoot TLS/SSL issues with Mac computers: https://learn.microsoft.com/en-us/azure/active-directory/develop/ssl-issues

    Regarding using only User certificates, it will depend on the usage. By default machine or computer certificates are used for network authentication, while user certificates are used for applications, EFS, and resources.

    Computer and User Certificate Requirements
    http://technet.microsoft.com/en-us/library/dd197531(v=WS.10).aspx

    In addition, I'd like to share some related articles for your reference:

    Certificates
    http://technet.microsoft.com/en-us/library/cc700805.aspx

    How Certificates Work
    http://technet.microsoft.com/en-us/library/cc776447(v=WS.10).aspx

    Hope this helps with your query,

    ------------

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
