Centrify DirectControl on Mac OS X 10.7 and higherProblem:
If an auto-enrolled certificate template name contains a special character - the certificate is successfully downloaded to the Mac certificate cache folders, but it does not get imported into Keychain Access.
This issue affects both machine certificates and user certificates.
Example: A machine certificate named "Computer Authenticate (Wi-Fi)" is configured for auto-enrollment and group policies on the Mac is refreshed.
The certificate will appear in the "/var/centrify/net/certs/
" folder, but it will not appear in Keychain Access.Cause:
Special characters such !, *, (, ), /, etc. are acceptable characters for certificate template names, but are also reserved characters for processing in OS X and need to be properly handled. Workaround:
When configuring certificates for auto-enrollment on Mac systems, avoid the use of special characters in the template names.
For further information on setting up machine and user certificates, see the following KBs respectively:
This is fixed in version 5.2.2 of the Centrify for Mac agent.