Jump to content


Allow Pairing - Supervising Host Certificates

  • Please log in to reply
1 reply to this topic

#1 Rick Kaczanko

Rick Kaczanko
  • Members
  • 11 posts

Posted 05 December 2015 - 01:22 PM

I cannot find any documentation on what a Supervising Host Certificate is or how to create one.  


I deployed a Apple DEP profile with Allow Pairing turned off.  Now I have users who wish to pair with iTunes on their computers.  As it is right now, they get a message that states "This iPhone is supervised by another computer and cannot be used with this computer."


I was researching how to allow pairing in the profiles and it states that if I wish to enable Allow Pairing, I need to add a Supervising Host Certificate but I cannot figure out what that is.


If there's another way to allow pairing without re-doing the profile, I'd be happy to hear of that too.






#2 Joseph Totaro

Joseph Totaro
  • Moderators
  • 24 posts

Posted 06 December 2015 - 06:56 PM

Hi Rick, 


If you have devices set up via DEP with Allow Pairing turned off, there is no way to connect the device to iTunes on any computer without applying a new DEP profile and therefore wiping the device.  As far as I know, there are no workarounds here, but it couldn't hurt to contact Apple support to be sure.


When applying future DEP profiles here's how it works:

Host Pairing set to Yes allows the device to pair with any computer.  

Host Pairing set to No restricts the device from paring with all computers except those specified via “Supervising Host Certificates" 


If you set Host Pairing to Yes, you can override that and make it "No" later by going to Device Config >> Profiles >> Basic >> iOS Specific Functionality Restrictions and uncheck "Allow Host Pairing". Be sure to apply that profile to your devices.  The opposite is not true, in other words you can't set a restriction that turns it On if you've turned it Off via DEP.  No matter what your settings are in DEP or device profiles, if you set up Supervising Host Certificates those computers can always pair with the devices. 


In order to get a Host Certificate off of a computer running OS X you can do the following:

  • Make sure it has Apple Configurator installed and that it has been launched at least once.
  • Open the program called Keychain Access.
  • On the left under Keychains select “login”
  • On the left under Category select “My Certificates”
  • In the middle section right click on the certificate called “Apple Configurator” or something similar and select Export
  • On the save dialog select Certificate (.cer) as the file format and Save
  • The saved file can be uploaded to MDM portal as a Supervising Host Certificate.


Hope this helps.