Bypass CA certificate trust popup when using an MDM

This is not strictly a Network Extension question, but for context: We are developing a content filter using a NETransparentProxyProvider network extension, and we also need the operating system to trust a third-party certificate authority (CA).

This operation requires user interaction, and this is fine during a normal installation. However, it is not desirable when deployed via a Mobile Device Management (MDM) system, as the end users can skip the CA installation step, ending up with a broken installation.

Is there a way to bypass CA certificate trust popups when deployed via an MDM?

> We are developing a content filter using NETransparentProxyProvider network extension

As a side note, you should look into APIs like NEFilterDataProvider.

Regarding:

> Is there a way to bypass CA certificate trust popups when deployed via an MDM?

If I am understanding you correctly, no, and this is by design as of macOS 11.0.1 I believe. Take a look at the release notes here. Now, I would recommend opening an Enhancement Request here and explaining your situation. Last I knew, an MDM situation like you are describing was something being considered, but I have no idea where this stands.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com