---
title: CertificateRevocation
framework: devicemanagement
role: symbol
role_heading: Device Management Profile
path: devicemanagement/certificaterevocation
---

# CertificateRevocation

The payload that configures certificate revocation checking.

## Declaration

```data
object CertificateRevocation
```

## Properties

EnabledForCerts: An array of certificates that the system checks for revocation. Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA. It’s not necessary to specify trusted root certificates because they’re implicitly specified. See https://support.apple.com/en-us/HT209143 for the available trusted root certificates for Apple operating systems.

## Discussion

Discussion Specify com.apple.security.certificaterevocation as the payload type. Profile availability  |   |   |   |   |   |   |   |  Profile example <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>     <key>PayloadContent</key>     <array>         <dict>             <key>EnabledForCerts</key>             <array>                 <dict>                     <key>Algorithm</key>                     <string>sha256</string>                     <key>Hash</key>                     <data>ExampleDatY=</data>                 </dict>             </array>             <key>PayloadDescription</key>             <string>Configures certificate Revocation</string>             <key>PayloadDisplayName</key>             <string>Certificate Revocation</string>             <key>PayloadIdentifier</key>             <string>com.example.mycertrevpayload</string>             <key>PayloadType</key>             <string>com.apple.security.certificaterevocation</string>             <key>PayloadUUID</key>             <string>2a4deb38-4c9f-43fd-a933-6598f4866e3b</string>             <key>PayloadVersion</key>             <integer>1</integer>         </dict>     </array>     <key>PayloadDisplayName</key>     <string>Certificate Revocation</string>     <key>PayloadIdentifier</key>     <string>com.example.myprofile</string>     <key>PayloadType</key>     <string>Configuration</string>     <key>PayloadUUID</key>     <string>b548e6df-10ad-438a-a65b-6b39374b7aff</string>     <key>PayloadVersion</key>     <integer>1</integer> </dict> </plist>

## Topics

### Objects

- [CertificateRevocation.SubjectPublicKeyInfoHashDict](devicemanagement/certificaterevocation/subjectpublickeyinfohashdict.md)

## See Also

### Certificates

- [ACMECertificate](devicemanagement/acmecertificate.md)
- [ActiveDirectoryCertificate](devicemanagement/activedirectorycertificate.md)
- [CertificatePEM](devicemanagement/certificatepem.md)
- [CertificatePKCS1](devicemanagement/certificatepkcs1.md)
- [CertificatePKCS12](devicemanagement/certificatepkcs12.md)
- [CertificateRoot](devicemanagement/certificateroot.md)
- [CertificatePreference](devicemanagement/certificatepreference.md)
- [CertificateTransparency](devicemanagement/certificatetransparency.md)
- [SCEP](devicemanagement/scep.md)