Certificate Revocation Checking Configuration

This configuration allows the administrators to check an array of certificates revoked from a device. Administrators can specify a certificate authority (CA) that allows the configuration to enable revocation checking for all the certificates that are linked to the specified CA.

Applicable to: iOS 14.2+


  1. Go to Policies & Configurations > Configurations.
  2. Click Add NewApple > iOS / tvOS > Certificate Revocation.

    The New Certificate Revocation Setting dialog box opens.

  3. Enter a Name and Description of the configuration.
  4. Click the Add+ button.
  5. Select the Hash Algorithm (SHA 256 is the default) and enter the Hash of the root certificate.

    In Hash, you have to enter a Base64 encoded (binary) SHA-256 hash of the certificate’s public key. See Apple documentation for the available trusted root certificates for Apple operating systems. You can add multiple root certificates in this configuration.

  6. Click Save.