Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4329: Auto-enrolled certificates fail to copy to Keychain if cert name contains special characters

Centrify Identity Service, Mac Edition ,  

8 May,17 at 03:50 AM

Applies to: Centrify DirectControl on Mac OS X 10.7 and higher

Problem:

If an auto-enrolled certificate template name contains a special character - the certificate is successfully downloaded to the Mac certificate cache folders, but it does not get imported into Keychain Access.

This issue affects both machine certificates and user certificates.

Example: A machine certificate named "Computer Authenticate (Wi-Fi)" is configured for auto-enrollment and group policies on the Mac is refreshed. 

The certificate will appear in the "/var/centrify/net/certs/" folder, but it will not appear in Keychain Access.


Cause:

Special characters such !, *, (, ), /, etc. are acceptable characters for certificate template names, but are also reserved characters for processing in OS X and need to be properly handled. 


Workaround:

When configuring certificates for auto-enrollment on Mac systems, avoid the use of special characters in the template names. 

For further information on setting up machine and user certificates, see the following KBs respectively:

Resolution:

This is fixed in version 5.2.2 of the Centrify for Mac agent.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.