SCEP certificate configuration
The goal of this procedure is to configure a DigiCert® Trust Lifecycle Manager certificate profile that will work in conjunction with an Intune device configuration profile.
DigiCert certificate profiles
Use the following base templates to create certificate profiles in Trust Lifecycle Manager for issuing Intune authentication certificates via SCEP.
Base template | Seat type |
---|---|
| |
|
For these base templates, the profile creation wizard defaults to the SCEP enrollment method and Azure Auth authentication method.
In the Authentication method section, select the Microsoft Intune connector for the Intune tenant that will request certificates from Trust Lifecycle Manager via its SCEP service.
Once the certificate profile is created in Trust Lifecycle Manager, you will receive a corresponding SCEP Server URL that can be used to issue certificates from that profile via SCEP. You will need this to configure the corresponding device configuration profiles in Intune to get certificates from this DigiCert certificate profile.
SCEP URL formats
The following table describes the format of the SCEP URL to be used by Intune supported device platforms.
Device platform | DigiCert SCEP Server URL format | Example |
---|---|---|
iOS/iPadOS Android macOS | Use the default SCEP service endpoint as displayed in the DigiCert Certificate Profile https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin/pkiclient.exe |
|
Windows (User Store) |
https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin |
|
Windows (Computer Store) |
https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin |
or
|
Microsoft Intune device configuration profiles
More information specific to the DigiCert® Trust Lifecycle Manager use case can be found in the following sections and should be used in conjunction with the Microsoft documentation: Use SCEP certificate profiles with Microsoft Intune | Microsoft Docs.
The general workflow for creating an Intune device configuration profile consists of the following sections:
Basics
Configuration settings
Assignments
Applicability Rules (Applies to Windows 10/11 only)
The following sections in this guide focus on the Configuration settings which determine the certificate details in conjunction with the corresponding certificate profile. For other non-certificate related aspects, refer to the Microsoft documentation.