Generate Encryption Recovery Key Escrow Certificate
To generate the certificate and key pair complete the following steps:
About this task
Procedure
- From the WebUI main page, click .
- On the Admin page, expand Recovery Key Escrow and click Generate Encryption Recovery Key Escrow Certificate.
- In the next screen, click Deploy.
Results
Important: You can also regenerate the certificate/key pair from this page. However,
generating a new set of keys will have adverse effects. Any in progress encryption
actions will fail to escrow recovery key as they will be encrypting using outdated
certificate. To avoid that, it is recommended to re-deploy MacOS full disk
encryption policies, as that will update the escrow certificate stored on the
devices for a future update or regeneration of the recovery key.