TheTest.com

Certificate and Profile Management

What configuration profiles and certificates are, why they're on your device, and how to view them

If your device is managed by an organization, it likely has configuration profiles and certificates installed. Profiles configure settings like Wi-Fi, VPN, and email automatically. Certificates verify your device's identity when connecting to secure networks and services. They're standard parts of enterprise device management, and knowing where to find them helps when something isn't working.

Viewing installed profiles:

  1. Open System Settings
  2. Go to General > Device Management (on managed Macs) or Privacy & Security > Profiles (if visible)
  3. You'll see a list of installed configuration profiles

Each profile has a name, description, and details about what it configures. Click a profile to see specifics – what settings it manages, when it was installed, and whether it can be removed.

If neither Device Management nor Profiles appears in your settings, no configuration profiles are currently installed.

Common profile types you'll see:

  • MDM enrollment profile – Connects your Mac to your organization's management server. This is the primary profile and usually can't be removed on company-owned devices.
  • Wi-Fi profile – Configures your device to automatically connect to the corporate wireless network with the correct authentication.
  • VPN profile – Sets up VPN connections so you can access internal resources remotely.
  • Email profile – Configures Mail or Outlook with your work email account settings.
  • Certificate profile – Installs certificates your device needs to authenticate with corporate services.

Viewing installed certificates:

  1. Open Keychain Access (search with Spotlight: Cmd + Space, type "Keychain Access")
  2. In the sidebar, select the System keychain for device-level certificates or login for user certificates
  3. Click Certificates in the category bar to filter the view

IT-deployed certificates typically appear in the System keychain. Root certificates from your organization's certificate authority will be in System Roots.

When profiles cause issues:

  • Can't connect to corporate Wi-Fi: The Wi-Fi certificate may have expired. Check with IT – they'll need to push a new certificate through the MDM.
  • VPN won't connect: Open System Settings > General > Device Management, find the VPN profile, and check if it shows any errors. Restarting your Mac sometimes resolves temporary certificate issues.
  • "Profile installation failed" errors: This usually means the profile is malformed or conflicts with an existing one. Contact IT – this isn't something you can fix on your end.
  • App or website certificate warnings: If you see "This certificate is not trusted" on an internal company site, your device may be missing the organization's root certificate. IT needs to deploy it.

Removing a profile (when allowed):

  1. Open System Settings > General > Device Management
  2. Select the profile you want to remove
  3. Click the remove button (minus icon) and confirm with your Mac password

If the remove option isn't available, the profile is locked by IT and can only be removed by your organization.

Frequently Asked Questions

What happens if a certificate expires?

You'll likely lose the ability to connect to whatever service that certificate authenticated – corporate Wi-Fi, VPN, or internal websites. Most MDM systems automatically renew certificates before they expire. If you suddenly can't connect to a service that was working fine, an expired certificate is a likely cause. Contact IT to have it renewed.

Can I install configuration profiles myself?

On a managed device, profiles are typically pushed by IT through the MDM. On macOS, you can manually install .mobileconfig files by double-clicking them, but only do this if IT explicitly asks you to. Never install profiles from unknown sources – they can change device settings, route your traffic, or install certificates that compromise your security.

Why does my Wi-Fi keep asking me to "trust" a certificate?

This usually means your device is missing the root certificate for your organization's Wi-Fi authentication server. The prompt is your device saying it can't verify the network is legitimate. Don't just click trust every time – contact IT to get the proper root certificate installed, which will resolve the prompt permanently.

Are configuration profiles the same as apps?

No. Profiles are settings configurations, not software. A profile might configure your Wi-Fi password, set up a VPN connection, or install a certificate, but it doesn't install applications. Profiles are lightweight and don't take up noticeable storage space.

Can a configuration profile spy on me?

Standard corporate profiles configure settings like Wi-Fi, VPN, and email. They don't monitor your activity. However, some profiles can install root certificates that could theoretically allow network traffic inspection. On a company-owned device, this is sometimes used for web filtering. If you're concerned, check what profiles are installed and ask IT what each one does.