ACME (macOS Device)
Use the Automated Certificate Management Environment (ACME) configuration to distribute ACME certificates to devices. You do this when:
Using a template ensures that each certificate received by a device is dynamic. For information about how to create a certificate template, see Adding Certificates.
Certificate Template | Select the ACME certificate template you created in the certificate authority. |
Client Identifier | Enter a unique string identifying a specific device. The ACME server may use this as a one-time identifier to prevent issuing multiple certificates. Note: Select the gear icon to use the available macros. |
Allow All Apps Access | Select this toggle to enable all apps to have access to the private key. |
Extractable Key | When enabled, the private key of the identity obtained through the Simple Certificate Enrollment Protocol (SCEP) needs to be tagged as non-extractable. |
Attest | When enabled, the device sends attestations and its key to the ACME server, which evaluates trust and determines whether to provide the certificate. |
Hardware Bound | If false, the private key is not bound to the device. Note: Setting this key to true is supported as of macOS 14 on Apple Silicon and Intel devices that have a T2 chip. Older macOS versions or other Mac devices require this key but it must have a value of false. |
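
The settings in the table above can be checked in an exported, unsigned configuration profile before it is assigned to devices. The following is an added example, not code from this product: it assumes the fields map to the keys of Apple's `com.apple.security.acme` payload (`ClientIdentifier`, `AllowAllAppsAccess`, `KeyIsExtractable`, `Attest`, `HardwareBound`), and the function names, the `hw_binding_supported` parameter and the sample values are constructed for illustration.

```python
import plistlib

ACME_TYPE = "com.apple.security.acme"  # Apple's payload type for ACME certificates

def audit_acme_profile(profile_bytes, hw_binding_supported=True):
    """Return findings for every ACME payload in an unsigned .mobileconfig plist.

    hw_binding_supported: True for macOS 14+ on Apple Silicon or T2 Intel Macs.
    """
    profile = plistlib.loads(profile_bytes)
    findings = []
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") != ACME_TYPE:
            continue
        if not p.get("ClientIdentifier"):
            findings.append("ClientIdentifier is empty")
        if p.get("AllowAllAppsAccess") is True:
            findings.append("AllowAllAppsAccess: all apps can access the private key")
        hw = p.get("HardwareBound")
        if hw is None:
            findings.append("HardwareBound is missing (required key)")
        elif hw is False and hw_binding_supported:
            findings.append("HardwareBound is false on a device that supports binding")
        elif hw is True and not hw_binding_supported:
            findings.append("HardwareBound is true on a device that requires false")
        # Apple's payload reference requires HardwareBound when Attest is true.
        if p.get("Attest") is True and hw is not True:
            findings.append("Attest is true but the key is not hardware bound")
        if p.get("KeyIsExtractable") is True and hw is not True:
            findings.append("KeyIsExtractable: private key is marked extractable")
    return findings

def sample_profile(**overrides):
    """Build a constructed profile; all values are placeholders, not real data."""
    payload = {
        "PayloadType": ACME_TYPE,
        "ClientIdentifier": "CONSTRUCTED-DEVICE-ID-0001",
        "DirectoryURL": "https://acme.example.invalid/directory",
        "KeyType": "ECSECPrimeRandom", "KeySize": 384,
        "HardwareBound": True, "Attest": True,
        "AllowAllAppsAccess": False, "KeyIsExtractable": False,
    }
    payload.update(overrides)
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

if __name__ == "__main__":
    weak = sample_profile(HardwareBound=False, AllowAllAppsAccess=True, KeyIsExtractable=True)
    for finding in audit_acme_profile(weak):
        print("FINDING:", finding)
```

Pass `hw_binding_supported=False` when auditing a profile intended for older macOS versions or Macs without a T2 chip, where Hardware Bound must be false.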