Verify certificate deployments

After you configure your Certificate Authority and deploy the certificates, verify that the certificates are present on your user's desktop devices.

If you're unable to verify that a certificate was deployed with the required settings, review the task steps. Ensure that you select Device Access in the Okta Admin Console and that the certificates are set at Computer Level in your MDM.

macOS

To verify the certificate on a macOS system:

  1. On the macOS device managed by an MDM, open System PreferencesProfiles.

  2. Click Keychain and then click System.

  3. Confirm that the client certificate and the associated private key exist.

  4. Verify that a custom extension with OID 1.3.6.1.4.1.51150.13.1 is present on the client certificate.

Windows

To verify the certificate on a Windows system:

  1. On the Windows computer, click Start, and then enter cert.
  2. Click Manage user certificates.
  3. Under Certificates - Current User, click PersonalCertificates.
  4. Make sure that the client certificate exists.

  5. Verify that a custom extension with OID 1.3.6.1.4.1.51150.13.1 is present on the client certificate, or the OID extension 1.3.6.1.4.1.51150.13.1.1 exists as part of the enhanced key usage extension.

Related topics

Configure a Certificate Authority

Client certificates

Management attestation FAQ