Store private and public key in Keychain only

Store machine certificate autoenrollment key-pairs in Keychain only.

Note that user certificate autoenrollment will always use Keychain only and is not controlled by any Group Policy.

NOTE: 802.1X profiles installed through the "Mac OSX Settings -> 802.1X Settings" Group Policies will no longer be signed if this GP is enabled before profiles are installed.

Supported on:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\Mac\Security\PublicKeyPolicies
Value NameUseKeychain
Value TypeREG_SZ
Enabled ValueYES
Disabled ValueNO

centrify_mac_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)