Verify certificate deployments

After you configure your Certificate Authority and deploy the certificates, verify that the certificates are present on your user's desktop devices.

If you can't verify that a certificate is deployed with the required settings, review the task steps. Ensure that you selected Device Access in the Okta Admin Console and that the certificates are set at Computer Level in your MDM.

macOS

To verify the certificate on a macOS system:

  1. On the macOS device managed by an MDM, open System PreferencesProfiles.

  2. Click Keychain and then click System.

  3. Confirm that the client certificate and the associated private key exist.

  4. Verify that a custom extension with OID 1.3.6.1.4.1.51150.13.1 is present on the client certificate.

Windows

To verify the certificate on a Windows system:

  1. Click Start, and then enter certlm.msc.

  2. Click Manage computer certificates.

  3. Under Certificates - Local Computer, click PersonalCertificates.

  4. Make sure that the client certificate exists.

  5. Verify that a custom extension with OID 1.3.6.1.4.1.51150.13.1 is present on the client certificate. Or, verify that the OID extension 1.3.6.1.4.1.51150.13.1.1 exists as part of the enhanced key usage extension.

Related topics

Configure a Certificate Authority

Client certificates

Management attestation FAQ