CertificateRevocation

The payload that configures certificate revocation checking.

Declaration

object CertificateRevocation

Properties

Name: EnabledForCerts
Type: [CertificateRevocation.SubjectPublicKeyInfoHashDict]
Description:

An array of certificates that the system checks for revocation.

Specifying a certificate authority (CA) enables revocation checking for all certificates chaining up to that CA.

It’s not necessary to specify trusted root certificates because they’re implicitly specified. See https://support.apple.com/en-us/HT209143 for the available trusted root certificates for Apple operating systems.

Discussion

Specify com.apple.security.certificaterevocation as the payload type.

Profile availability

Device channel: iOS, Shared iPad, visionOS
User channel: NA
Allow manual install: iOS, visionOS
Requires supervision: NA
Requires user-approved MDM: NA
Allowed in user enrollment: iOS, visionOS
Allow multiple payloads: iOS, Shared iPad, visionOS

Profile example

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>EnabledForCerts</key>
            <array>
                <dict>
                    <key>Algorithm</key>
                    <string>sha256</string>
                    <key>Hash</key>
                    <data>ExampleDatY=</data>
                </dict>
            </array>
            <key>PayloadDescription</key>
            <string>Configures certificate Revocation</string>
            <key>PayloadDisplayName</key>
            <string>Certificate Revocation</string>
            <key>PayloadIdentifier</key>
            <string>com.example.mycertrevpayload</string>
            <key>PayloadType</key>
            <string>com.apple.security.certificaterevocation</string>
            <key>PayloadUUID</key>
            <string>2a4deb38-4c9f-43fd-a933-6598f4866e3b</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Certificate Revocation</string>
    <key>PayloadIdentifier</key>
    <string>com.example.myprofile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>b548e6df-10ad-438a-a65b-6b39374b7aff</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
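
The following added example (not Apple's code) shows one way to derive the Hash value for an EnabledForCerts entry from a CA certificate and serialize a profile shaped like the one above. It assumes Hash is the SHA-256 digest of the certificate's DER-encoded subjectPublicKeyInfo, as the SubjectPublicKeyInfoHashDict type name indicates; SAMPLE_CERT_DER, read_tlv, spki_from_cert and build_profile are names made up for this illustration.

```python
import hashlib
import plistlib
import uuid

# Constructed, structurally minimal DER "certificate" (not a real CA): its
# subjectPublicKeyInfo element is the 12 bytes 300a30000306000102030405.
SAMPLE_CERT_DER = bytes.fromhex(
    "3024301ca003020102020101" "3000300030003000"
    "300a30000306000102030405" "300003020000")

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_from_cert(cert_der):
    """Return the complete DER subjectPublicKeyInfo element of a certificate."""
    _, start, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, start)  # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                              # optional [0] version field
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

def build_profile(ca_certs_der, identifier="com.example.myprofile"):
    """Serialize a profile with one EnabledForCerts entry per CA certificate."""
    def common(payload_type, ident):
        return {"PayloadDisplayName": "Certificate Revocation",
                "PayloadType": payload_type, "PayloadIdentifier": ident,
                "PayloadUUID": str(uuid.uuid4()), "PayloadVersion": 1}
    payload = common("com.apple.security.certificaterevocation",
                     identifier + ".certrev")
    payload["EnabledForCerts"] = [  # bytes values serialize as <data> (base64)
        {"Algorithm": "sha256",
         "Hash": hashlib.sha256(spki_from_cert(der)).digest()}
        for der in ca_certs_der]
    profile = common("Configuration", identifier)
    profile["PayloadContent"] = [payload]
    return plistlib.dumps(profile)
```

Because the digest covers only the public key structure, a CA certificate reissued with the same key produces the same Hash entry. The functions expect DER input; convert a PEM certificate to DER first.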
