Skip to content

Root certificate configuration (macOS device policy)

With the Root certificate configuration, you upload a root certificate to a policy. When you assign the policy to a device, the certificate gets installed.

You can upload X.509 certificate files in Privacy-Enhanced Mail (PEM) and Distinguished Encoding Rules (DER) encoding.

Commonly used file extensions are:

  • PEM encoding: .cer, .crt, .pem
  • DER encoding: .cer, .der

After you add a Root certificate configuration to a policy, you can use it in other configurations of the same policy, for example, as Extensible Authentication Protocol (EAP) server certificate in a Wi-Fi configuration.

Upload certificate

For a general description of adding configurations to a policy, see Create policy.

To upload a root certificate to a policy, do as follows:

  1. On the policy’s Edit policy page, click Add configuration > Root certificate.
  2. Click Upload a file.
  3. Select a file containing a certificate in X.509 format and click Open.

    Tip: Instead of using Upload a file, you can drag the certificate file from File Explorer and drop it anywhere in the File area.

    Dropping a certificate file in the File area.

  4. After the file is uploaded, the Certificate name field shows the certificate issuer’s Distinguished Name (DN) information.

    The Distinguished Name information.

  5. Click Apply to save the configuration.

  6. On the Edit policy page, click Save.

To upload more root certificates, add a Root certificate configuration for each certificate to the policy.