SCEP

The payload that configures Simple Certificate Enrollment Protocol (SCEP) settings.

Declaration

object SCEP

Properties

Name	Type	Description
`PayloadContent` Required	`SCEP.PayloadContent`	A dictionary containing the SCEP information.

Mentioned in

Implementing Platform SSO during device enrollment

Discussion

Specify com.apple.security.scep as the payload type.

A SCEP payload automates the request of a client certificate from a SCEP server, as described in Over-the-Air Profile Delivery and Configuration.

Profile availability


Device channel	iOS, macOS, Shared iPad, tvOS, visionOS, watchOS
User channel	macOS
Allow manual install	iOS, macOS, tvOS, visionOS, watchOS
Requires supervision	N/A
Requires user-approved MDM	N/A
Allowed in user enrollment	iOS, macOS, visionOS
Allow multiple payloads	iOS, macOS, Shared iPad, tvOS, visionOS, watchOS

Profile example

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadContent</key>
            <dict>
                <key>Challenge</key>
                <string>Example</string>
                <key>Key Type</key>
                <string>RSA</string>
                <key>Key Usage</key>
                <integer>5</integer>
                <key>Keysize</key>
                <integer>0</integer>
                <key>Name</key>
                <string>example.org</string>
                <key>Subject</key>
                <array>
                    <array>
                        <array>
                            <string>C</string>
                            <string>US</string>
                        </array>
                        <array>
                            <string>O</string>
                            <string>Example Inc.</string>
                        </array>
                        <array>
                            <string>CN</string>
                            <string>foo</string>
                        </array>
                        <array>
                            <string>1.2.5.3</string>
                            <string>bar</string>
                        </array>
                    </array>
                </array>
                <key>SubjectAltName</key>
                <dict>
                    <key>dNSName</key>
                    <string>example.com</string>
                    <key>ntPrincipalName</key>
                    <string>hostname.example.com</string>
                </dict>
                <key>URL</key>
                <string>https://hostname.example.com/</string>
            </dict>
            <key>PayloadIdentifier</key>
            <string>com.example.myscepcertpayload</string>
            <key>PayloadType</key>
            <string>com.apple.security.scep</string>
            <key>PayloadUUID</key>
            <string>c0264fd7-1d89-4385-8806-759fbe78a622</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>SCEP Certificate</string>
    <key>PayloadIdentifier</key>
    <string>com.example.myprofile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>bc0328a9-c199-4572-9e5e-ed59a73454fa</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Topics

Objects

SCEP.PayloadContent