In this post we will see how to deploy client certificate for Mac computers. If you are looking to install SCCM client agents

on Mac computers and manage Mac computers in System Center 2012 Configuration Manager, it requires public key

infrastructure (PKI) certificates. When you have PKI in place, then Configuration Manager can request and install a user

client certificate by using Microsoft Certificate Services with an enterprise certification authority (CA) and the Configuration

Manager enrollment point and enrollment proxy point site system roles. If you don’t have PKI in place, you can request and

install a computer certificate independently from Configuration Manager if the certificate meets the requirements for

Configuration Manager. The whole idea of deploying PKI certificates is to secure the communication between the Mac

computers and the Configuration Manager.

How to deploy Client Certificate for Mac ComputersIf you are looking for PKI step by step guide for SCCM 2012 r2, then click on the below button. You must have PKI

configured before you proceed any further.

Deploy PKI Certificates for SCCM 2012 R2 Step by Step GuideNote that the certificate that we create and issue basically authenticates the Mac client computer to the site system servers

that it communicates with, such as management points and distribution points.

Creating and Issuing a Mac Client Certificate Template on theCertification AuthorityBefore you create a certificate template, create a security group (for example Mac Users) that contains user accounts for

administrative users who will enroll the certificate on the Mac computer by using Configuration Manager.

On the member server that is running the Certification Authority console, right-click Certificate Templates, and then

click Manage to load the Certificate Templates management console.

In the results pane, right-click the entry that displays Authenticated Session in the column Template Display Name, and

then click Duplicate Template.

NOTE – If you are not using PKI, for certificate installation independent from Configuration Manager always use

Workstation Authentication template.

In the Duplicate Template dialog box, ensure that Windows 2003 Server is selected. In the Properties of New

Template dialog box, on the General tab, enter a template name to generate the Mac client certificate, such as Mac

Client Certificate.

Click the Subject Name tab, make sure that Build from this Active Directory information is selected, select Common

name for the Subject name format: and clear User principal name (UPN) from Include this information in alternate

subject name.

Click the Security tab, and remove the Enroll permission from the Domain Admins and Enterprise Adminssecurity

groups.

Click Add, specify the security group that you created for users who will enroll the certificate on the Mac computer by using

Configuration Manager, and then click OK. Select the Enroll permission for this group, and do not clear

the Read permission.

In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to

Issue.

In the Enable Certificate Templates dialog box, select the new template that you have just created, Mac Client

Certificate, and then click OK.

The Mac client certificate template is now ready to be selected when you configure client settings for enrollment. In the

upcoming posts, we will see more about installing client agents on mac computers and managing them via Configuration

Manager.