How to deploy a Root CA certificate to Macs?
Important note: you need Parallels MDM component of Parallels Mac Management installed and running, Macs enrolled to it and its MDM certificate approved by users.
1. First of all, please export the Root CA certificate:
- Log into the Root Certification Authority server with Administrator account;
- Start Command Line and execute this command: certutil -ca.cert ca_name.cer
It will export the Root CA certificate to a file named ca_name.cer to the location where the Command Line is launched:
2. Now you need to create a configuration profile containing the certificate. There are many ways to do it, e.g., you may use the free ProfileCreator utility. We'll use it in this article.
Install it to a Mac and copy the exported certificate to the Mac. Create a new profile and specify its Name, Payload Description and Scope: System:
Click on Certificate PKCS1 Payload, specify the certificate file and click Add:
Click File → Export to save the profile to .mobileconfig file:
Copy the .mobileconfig file to computer with SCCM Console.
3. Now you need to create a Configuration Item containing the certificate payload. Please launch SCCM Console → Assets and Compliance → Compliance Settings, click Create Parallels Configuration Item → Mac OS X Configuration Profile from File:
Enter the name for the Configuration Item (like Root CA certificate), select both options System profile and Install via MDM server (required), and specify the .mobileconfig file you created in the previous step:
Click OK to save the Configuration Item.
4. Now you need to create a Configuration Baseline, add the Configuration Item to it and deploy it to the appropriate SCCM Device Collection:
Once Macs receive the updated policies, they will install the deployed certificate as Trusted.