lachama

Q: AD Certificate payload option to allow all apps not working

I am trying to push out a config profile to set up OSX hosts to request a device cert from our internal CA. Because I need to use this cert to validate hosts via VPN with Cisco AnyConnect, I need all apps (or just AnyConnect, but there's no easy way to do this programmatically apparently) to be able to access the cert and key (I don't want my users to receive keychain prompts each and every time they connect to the VPN).

So I configure the profile with this option enabled

[Screenshot: Screen Shot 2015-04-24 at 10.23.50 AM.png]

I see the key setup in the config file <key>AllowAllAppsAccess</key><true/>

However, when I install the profile and the cert and key are installed in my keychain the ACL for the private key does not have the Allow all apps option

[Screenshot: Screen Shot 2015-04-24 at 10.25.11 AM.png]

OSX Server, Configuration Profiles

Posted on Apr 24, 2015 10:29 AM
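As an added check (example code, not from the original post or from Apple), the following Python script parses a .mobileconfig profile and reports, for each AD Certificate payload (PayloadType com.apple.ADCertificate), whether the AllowAllAppsAccess key is set. The sample profile and its PayloadIdentifier values are constructed for the example.

```python
import plistlib

# Constructed sample profile (not the poster's own), mirroring an
# AD Certificate payload with AllowAllAppsAccess enabled.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.adcert.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.ADCertificate</string>
      <key>PayloadIdentifier</key><string>example.adcert.payload</string>
      <key>AllowAllAppsAccess</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""


def ad_cert_payloads(profile_bytes):
    """Return [(PayloadIdentifier, AllowAllAppsAccess)] for every
    com.apple.ADCertificate payload found in the profile's PayloadContent.
    A missing key is reported as False, since the ACL will not be widened."""
    profile = plistlib.loads(profile_bytes)
    results = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.ADCertificate":
            results.append((payload.get("PayloadIdentifier"),
                            bool(payload.get("AllowAllAppsAccess", False))))
    return results


if __name__ == "__main__":
    for identifier, allow_all in ad_cert_payloads(SAMPLE_PROFILE):
        print(identifier, "AllowAllAppsAccess =", allow_all)
```

If the script reports True for the profile you are pushing but the installed private key still lacks the "Allow all applications" ACL entry, the profile content is not the problem and the behaviour is on the enrollment/install side.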