Operation Manual

Chapter 4 Infrastructure and integration 33
The supported certificate and identity formats on Apple devices are:
  X.509 certificates with RSA keys
    Certificate: .cer, .crt, .der
    Identity: .pfx, .p12
Deploy certicates to establish trust with Certication Authorities (CA) that are not trusted by
default (such as an organizational-issuing certication authority).
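A .cer file may contain either PEM or DER, and a .p12 file is also DER on the outside, so checking the content rather than trusting the extension avoids surprises at install time. The following Python is an added illustration, not code from Apple's documentation: it reads just enough of the outer ASN.1 structure to tell an X.509 certificate (outer SEQUENCE whose first element is the tbsCertificate SEQUENCE) from a PKCS#12 identity (outer SEQUENCE whose first element is the version INTEGER 3). The sample byte strings are constructed stand-ins with the right outer shape, not real certificates.

```python
import base64
import re

# Constructed sample inputs (not real certificates): minimal DER values with the
# same outer shape as the real formats, which is all format detection needs.
#   X.509   Certificate ::= SEQUENCE { tbsCertificate SEQUENCE { ... }, ... }
#   PKCS#12 PFX         ::= SEQUENCE { version INTEGER (3), authSafe ..., macData ... }
SAMPLE_DER_CERT = bytes.fromhex("30 05 30 03 02 01 01")
SAMPLE_P12 = bytes.fromhex("30 05 02 01 03 30 00")
SAMPLE_PEM_CERT = (b"-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(SAMPLE_DER_CERT)
                   + b"-----END CERTIFICATE-----\n")

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Extension -> what the manual says the file should hold.
EXTENSION_KIND = {".cer": "certificate", ".crt": "certificate", ".der": "certificate",
                  ".pfx": "identity", ".p12": "identity"}


def read_tlv(data, offset=0):
    """Parse one DER tag-length-value at `offset`; return (tag, value_start, value_end).
    Handles single-byte tags and short/long-form definite lengths, and refuses
    lengths that run past the end of the buffer (truncated or malformed input)."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag = data[offset]
    first = data[offset + 1]
    pos = offset + 2
    if first & 0x80 == 0:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(data):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("DER value runs past end of data")
    return tag, pos, pos + length


def pem_to_der(data):
    """Return (label, der_bytes) for PEM-armored input, or None if it is not PEM."""
    m = PEM_RE.search(data)
    if not m:
        return None
    return m.group(1).decode(), base64.b64decode(m.group(2))


def identify(data):
    """Classify certificate/identity bytes: 'der-x509', 'pkcs12', 'pem-<inner>' or 'unknown'."""
    try:
        pem = pem_to_der(data)
        if pem is not None:
            return "pem-" + identify(pem[1])
        tag, start, _ = read_tlv(data)
        if tag != 0x30:                      # both formats are an outer SEQUENCE
            return "unknown"
        inner_tag, istart, iend = read_tlv(data, start)
    except ValueError:
        return "unknown"
    if inner_tag == 0x30:                    # tbsCertificate SEQUENCE -> X.509
        return "der-x509"
    if inner_tag == 0x02 and data[istart:iend] == b"\x03":   # version INTEGER 3 -> PFX
        return "pkcs12"
    return "unknown"


def kind_of(fmt):
    """Map a detected format to the manual's two categories."""
    if fmt.endswith("x509"):
        return "certificate"
    if fmt.endswith("pkcs12"):
        return "identity"
    return "unknown"


def matches_extension(filename, data):
    """True when the file content agrees with what its extension promises."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    return EXTENSION_KIND.get(ext) == kind_of(identify(data))


if __name__ == "__main__":
    for name, blob in [("corp-ca.cer", SAMPLE_PEM_CERT), ("corp-ca.der", SAMPLE_DER_CERT),
                       ("user.p12", SAMPLE_P12), ("user.p12", SAMPLE_DER_CERT)]:
        print(name, identify(blob), "ok" if matches_extension(name, blob) else "MISMATCH")
```

Detection here is deliberately shallow: it confirms the container, not validity, and a real deployment still relies on the device's own chain and revocation checks described later in this chapter.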
Distribute and install certificates
Manually distributing certificates to iOS devices is simple. When a certificate is received,
users simply tap to review the contents, then tap to add the certificate to their device.
When an identity certificate is installed, users are prompted for the password that protects it.
If a certificate's authenticity can't be verified, it's shown as untrusted and the user can decide
whether to add it to their device.
Install certicates using conguration proles
If conguration proles are being used to distribute settings for corporate services such as
S/MIME mail, VPN, or Wi-Fi, certicates can be added to the prole to streamline deployment.
This includes the ability to distribute certicates with MDM.
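A configuration profile is an XML property list whose PayloadContent array carries one payload per certificate. The Python below is an added example, not Apple's own tooling: it assembles a profile with a com.apple.security.root payload (a CA certificate to trust) and a com.apple.security.pkcs12 payload (an identity), then audits the result for the thing a reviewer most wants to catch before distribution, an identity payload whose PKCS#12 password is embedded in clear. The organization identifier com.example and the certificate byte strings are constructed stand-ins; signing or encrypting the profile itself is not shown.

```python
import plistlib
import uuid

# Constructed stand-ins (not real certificate or identity data): the payload
# builders only need bytes, so minimal DER-shaped values are enough here.
FAKE_CA_DER = bytes.fromhex("30 05 30 03 02 01 01")
FAKE_IDENTITY_P12 = bytes.fromhex("30 05 02 01 03 30 00")


def _common(payload_type, identifier, display_name):
    """Keys every payload (and the top-level profile) carries."""
    return {
        "PayloadType": payload_type,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
    }


def root_cert_payload(der, filename, org_id):
    """com.apple.security.root payload: a DER-encoded CA certificate the device should trust."""
    payload = _common("com.apple.security.root", f"{org_id}.root.{filename}", f"Root CA ({filename})")
    payload["PayloadCertificateFileName"] = filename
    payload["PayloadContent"] = der          # plistlib serializes bytes as <data>
    return payload


def pkcs12_payload(p12, filename, org_id, password=None):
    """com.apple.security.pkcs12 payload: an identity (certificate plus private key).
    Omitting Password leaves the user to type it at install time, as the manual describes."""
    payload = _common("com.apple.security.pkcs12", f"{org_id}.identity.{filename}",
                      f"Identity ({filename})")
    payload["PayloadCertificateFileName"] = filename
    payload["PayloadContent"] = p12
    if password is not None:
        payload["Password"] = password
    return payload


def build_profile(payloads, org_id, display_name, removal_disallowed=False):
    """Wrap certificate payloads in a top-level Configuration payload; return XML plist bytes."""
    profile = _common("Configuration", f"{org_id}.certificates", display_name)
    profile["PayloadRemovalDisallowed"] = removal_disallowed
    profile["PayloadContent"] = list(payloads)
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def parse_profile(blob):
    """Read a serialized profile back into a dict."""
    return plistlib.loads(blob)


def audit_profile(blob):
    """Findings a defender wants before distributing the profile."""
    findings = []
    seen = set()
    for p in parse_profile(blob).get("PayloadContent", []):
        ident = p.get("PayloadIdentifier", "?")
        if ident in seen:
            findings.append(f"duplicate PayloadIdentifier {ident}")
        seen.add(ident)
        if p.get("PayloadType") == "com.apple.security.pkcs12" and "Password" in p:
            findings.append(f"{ident}: PKCS#12 password is embedded in the profile; "
                            "distribute only through MDM or an authenticated HTTPS URL")
        if p.get("PayloadType") == "com.apple.security.root" and not p.get("PayloadContent"):
            findings.append(f"{ident}: root payload carries no certificate data")
    return findings


if __name__ == "__main__":
    blob = build_profile(
        [root_cert_payload(FAKE_CA_DER, "corp-ca.cer", "com.example"),
         pkcs12_payload(FAKE_IDENTITY_P12, "user.p12", "com.example", password="constructed")],
        "com.example", "Example certificates")
    print(blob.decode())
    for finding in audit_profile(blob):
        print("WARNING:", finding)
```

Write the bytes returned by build_profile to a file with a .mobileconfig extension to hand it to a device or an MDM server; the audit is the step to run first.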
Install certicates via Mail or Safari
If a certicate is sent in a mail message, it appears as an attachment. Safari can also be used
to download certicates from a webpage. You can host a certicate on a secured website and
provide users with the URL where they can download the certicate onto their Apple device.
Certicate removal and revocation
To manually remove a certicate that’s been installed, choose Settings > General > Device
Management, select a prole, choose More Details, and choose the appropriate certicate to
remove. If a user removes a certicate that’s required for accessing an account or network, the
iOS device is no longer able to connect to those services.
An MDM server can view all certificates on a device and remove any certificates it has installed.
Additionally, the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL)
protocol are supported to check the status of certificates. When an OCSP- or CRL-enabled
certificate is used, both iOS and OS X periodically validate it to make sure that it hasn't
been revoked.
Single Sign-On (SSO)
Single Sign-On (SSO) is a process in which a user can provide authentication information once,
receive a ticket, and use it to access resources for as long as the ticket is valid. This strategy
makes it possible to maintain secure access to resources without the system prompting the
user for credentials every time access is requested. It also increases the security of daily app use
by ensuring that passwords are never transmitted over the network.
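The ticket model above has three parts: the user proves possession of a credential once, the authentication service issues a ticket with a lifetime, and resource servers accept that ticket without ever handling a password. The Python below is an added conceptual illustration of that model, not Kerberos and not Apple's implementation. It uses a challenge-response step so the password itself is never sent, an HMAC-signed ticket with an expiry, and a resource-side check that rejects tampered, expired or replayed material. The user, password, salt and keys are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed secrets and user store for the illustration (nothing here is real).
ISSUER_KEY = os.urandom(32)        # shared by the SSO service and its resource servers
_SALT = os.urandom(16)


def derive_key(password, salt):
    """Password-derived key; the service stores this key, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, derive_key("correct horse", _SALT))}
_USED_NONCES = set()               # challenges are single-use


def issue_challenge(user):
    """SSO service -> client: a fresh nonce plus the user's salt; no secret leaves the server."""
    salt, _ = USERS[user]
    return {"user": user, "nonce": os.urandom(16), "salt": salt}


def client_response(password, challenge):
    """Client -> SSO service: proof of the derived key, without transmitting the password."""
    key = derive_key(password, challenge["salt"])
    return hmac.new(key, challenge["nonce"], "sha256").digest()


def issue_ticket(challenge, response, ttl_seconds=8 * 3600, now=None):
    """SSO service: verify the proof once and return a signed ticket, or None on failure."""
    user = challenge["user"]
    nonce = challenge["nonce"]
    if nonce in _USED_NONCES:      # a captured response must not be replayable
        return None
    _, key = USERS[user]
    expected = hmac.new(key, nonce, "sha256").digest()
    if not hmac.compare_digest(expected, response):
        return None
    _USED_NONCES.add(nonce)
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "exp": int(now + ttl_seconds)},
                      separators=(",", ":")).encode()
    mac = hmac.new(ISSUER_KEY, body, "sha256").digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(mac).decode()


def verify_ticket(ticket, now=None):
    """Resource server: accept a ticket only if its MAC is valid and it has not expired.
    Returns the user name, or None. No password is involved at this point."""
    try:
        body_b64, mac_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(ISSUER_KEY, body, "sha256").digest(), mac):
        return None
    claims = json.loads(body)      # safe to parse: the MAC has been checked first
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None
    return claims["user"]


if __name__ == "__main__":
    challenge = issue_challenge("alice")
    ticket = issue_ticket(challenge, client_response("correct horse", challenge))
    print("ticket accepted for:", verify_ticket(ticket))
    print("after expiry:", verify_ticket(ticket, now=time.time() + 9 * 3600))
```

The resource server only needs the key it shares with the issuer, which is why a compromised or phished password cannot be harvested from the resources themselves; protecting the issuer's key and keeping ticket lifetimes short are what the security of the scheme rests on.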