Store machine certificate autoenrollment key-pairs in Keychain only.
Note that user certificate autoenrollment will always use Keychain only and is not controlled by any Group Policy.
NOTE: 802.1X profiles installed through the "Mac OSX Settings -> 802.1X Settings" Group Policies will no longer be signed if this GP is enabled before profiles are installed.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Mac\Security\PublicKeyPolicies |
Value Name | UseKeychain |
Value Type | REG_SZ |
Enabled Value | YES |
Disabled Value | NO |