Configure a certificate profile
Before you begin
- Upload a Certificate Authority (CA) certificate to verify device certificates.
- Create Online Certificate Status
Protocol (OCSP)
to check revoked certificates in real time.Note: Only external type OCSP servers can be configured as part of a certificate profile.
This step is optional. You only need to configure OCSP if you are going to select the Check Revocation Status (OCSP Server) option when you’re configuring the certificate profile. See OCSP to learn more.
- In order to pass verification the device certificate must be signed by the configured Certificate Authority (CA).
- EAA Client will verify certificates stored in the following locations on the end-user
device:
- macOS: System.keychain located in /Library/Keychains/System.keychain
- Windows: CERT_SYSTEM_STORE_LOCAL_MACHINE/My located in SystemCertificates. See System Store Locations for more details.
How to
Next steps
Now you may apply your certificate profile as a part of tier and tag configuration to evaluate security posture of devices and allow or deny access to applications. See Configure tiers and tags.
Each device in your deployment will now be evaluated against any configured certificate profiles and you may also use certificate profiles as criteria for creating inventory reports. See Create a device inventory report and Create report for devices that match certificate profiles.