The certificate purpose (Enhanced Key Usage): Client authentication For Mac computers, the client certificate requirements are as follows: Much like native mode in Configuration Manager 2007 and the client-server PKI connections in System Center 2012 Configuration Manager, you can use any PKI deployment to deploy the certificate for Mac computers if it adheres to our documented certificate requirements. If you don’t meet these requirements, or you don’t want an automated certificate deployment mechanism, you can request and install the certificate independently from Configuration Manager, and then install the Configuration Manager client. However, it does require the user to have an account in Active Directory, and it requires Active Directory Certificate Services with a customized certificate template (so you must be running an enterprise version of the operating system and an enterprise CA).

This deployment method scales well and uses your existing infrastructure to secure and automate the certificate deployment. This tool allows users with an Active Directory account to install the Configuration Manager client and automatically request and install the required client PKI certificate. Most customers who want to manage Mac computers using System Center 2012 Configuration Manager SP1 will use the enrollment tool, CMEnroll. First published on CLOUDBLOGS on Apr 05, 2013