Category filter

How to Add Certificates for Mac devices

A digital certificate added to a device allows a person to access corporate resources securely over the internet. There is a growing need for digital certificates in an enterprise since securing corporate data has always been an essential and high-priority task for Mac administrators.

With the help of a Mobile Device Management solution like Hexnode UEM, administrators can remotely distribute and install certificates to Mac devices. A digital certificate can secure network connections (VPN and Wi-Fi) and makes sure that only the specified users or devices have access to corporate data.

Once the certificates are added to the Hexnode portal via policies, you can make use of these certificates in every other macOS functionality that requires a certificate.


Make sure you continue with the existing Certificates policy under macOS to access the list of certificates for other functionalities such as Wi-Fi, VPN, and so on. For example, configure a policy named Policy 1 to add certificates and save the policy. To use the added certificates in a network configuration like Wi-Fi, configure the Wi-Fi feature in the same policy itself (Policy 1).

Add Certificates for Mac devices via Hexnode Policies

To add certificates on your Mac via policy,

  1. Log in to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to macOS > Security > Certificates. Click Configure.
  4. Tap on the Add Certificate button to import a new credential certificate profile from your device. You can add as many certificates as you need.

To remove a certificate, click on the ‘x’ button at the top-right corner of each certificate listing. The added certificate will display the following options:

  • Credential Name– Credential name refers to the display name of the certificate. This field becomes visible once you upload a certificate by clicking Add Certificate. Even though this field will already be filled, you can change it if necessary.
  • Credential Details– You can click on the ‘+’ button adjacent to Credential Details to view the subject, issuer name, and the expiry date. Click on ‘–’ to collapse the details section.

For certificates with .p12 extensions, provide the password that is used to secure the credentials. Silent installation of such certificates takes place if the password provided is correct.

Associate policy with devices/groups

If the policy has not been saved,

  1. Navigate to Policy Targets > +Add Devices.
  2. Choose the target devices and click Ok. Click Save
  3. You can also associate the policy with device groups, users, user groups, or domains from the left pane of the Policy Targets tab.

If the policy has been saved,

  1. Go to the Policies tab and choose the desired policy.
  2. Click on Manage drop-down and select Associate Targets.
  3. Choose the target entities and associate the policy.

What happens at the device end?

The certificates will get added on the system keychain and, user can find it listed on the Keychain Access app on their Mac. The certificates associated via the policy can also be viewed under System Preferences > Profiles > [Select certificate policy].

Certificates added to macOS devices using Hexnode MDM

  • Managing Mac Devices