
Intune trusted certificate profile

The goal of this procedure is to provide the entire CA certificate chain to the targeted device platform(s).

When configuring a certificate profile in DigiCert® Trust Lifecycle Manager, you configure the issuer certificate authority (CA) that issues the end entity (EE) certificate to your target device or user.

In addition to configuring the Intune device configuration profile for the SCEP certificate type, you will need to create one or more trusted certificate profiles for each certificate in the CA hierarchy that you are using.

If you use an online root issuing CA, then you will only need to create a trusted certificate profile for that root CA. If you have a multi-tier CA hierarchy, then you will also create a trusted certificate profile for each intermediate CA in the certificate hierarchy. Common CA hierarchies consist of a root CA and a subordinate intermediate issuer CA.

The DigiCert® Trust Lifecycle Manager certificate profile configuration determines which issuing CA issues the end entity (EE) certificate.


Download the CA certificate files from DigiCert® CA Manager.

Note

The example shows the Issuing CA (ICA) certificate. You should also download root certificates as appropriate to your specific CA hierarchy.

  1. In Microsoft Endpoint Manager admin center, select Devices, then select Configuration profiles, and Create profile.

  2. Configure the desired platform of the devices that will receive the profile and select Trusted Certificate from the dropdown or from the templates list. For detailed steps, refer to Create trusted certificate profiles in Microsoft Intune | Microsoft Docs.

    Note

    When configuring the destination store for Windows platform devices, select Root store for the Root CA and Intermediate store for the Intermediate/Issuer CA.
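
A pre-flight check for the procedure above, as an added example that is not DigiCert or Microsoft code: it reads the downloaded CA certificate files, reports which destination store each one belongs in, and flags any certificate whose issuer is missing from the set. The function name `Get-CaStorePlan`, the folder `.\ca-chain` and the file extensions it looks for are assumptions.

```powershell
# Added example (not DigiCert or Microsoft code). Assumption: the CA certificate
# files downloaded from CA Manager are in one folder, one certificate per file.
function Get-CaStorePlan {
    param([Parameter(Mandatory)][string]$Path)

    $certs = Get-ChildItem -Path $Path -File |
        Where-Object { $_.Extension -in '.cer', '.crt', '.pem' } |
        ForEach-Object {
            $file = $_
            $c  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
            $bc = $c.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
            [pscustomobject]@{
                File      = $file.Name
                Cert      = $c
                # Compare the encoded names, not the display strings.
                SubjectDn = [System.BitConverter]::ToString($c.SubjectName.RawData)
                IssuerDn  = [System.BitConverter]::ToString($c.IssuerName.RawData)
                IsCA      = [bool]($bc -and $bc.CertificateAuthority)
            }
        }

    $subjects = @($certs | ForEach-Object { $_.SubjectDn })
    foreach ($e in $certs) {
        # Subject == Issuer marks a self-issued (root) certificate; the signature is not verified here.
        $selfIssued = $e.SubjectDn -eq $e.IssuerDn
        if (-not $e.IsCA)    { $store = 'none (no CA basic constraint)' }
        elseif ($selfIssued) { $store = 'Root store' }
        else                 { $store = 'Intermediate store' }

        [pscustomobject]@{
            File             = $e.File
            Subject          = $e.Cert.Subject
            DestinationStore = $store
            # False means the chain in the folder is incomplete for this certificate.
            IssuerInFolder   = $selfIssued -or ($subjects -contains $e.IssuerDn)
            Expired          = $e.Cert.NotAfter -lt (Get-Date)
        }
    }
}

# '.\ca-chain' is a hypothetical folder name.
Get-CaStorePlan -Path '.\ca-chain' | Format-Table -AutoSize
```

Each row with `Root store` or `Intermediate store` corresponds to one trusted certificate profile to create; a row with `IssuerInFolder` set to False means another CA certificate still has to be downloaded.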