SCEP certificate configuration
The goal of this procedure is to configure a DigiCert® Trust Lifecycle Manager certificate profile that will work in conjunction with an Intune device configuration profile.
In both cases, the DigiCert ONE certificate profile creation wizard defaults to SCEP enrollment method and Azure Auth authentication method. For Azure Auth settings, use the values obtained in Azure Active Directory App registration for:
Application ID
Application Key
Tenant Name
Once the certificate profile is created, you will configure a corresponding Intune Device configuration profile with the required values, settings, and the DigiCert SCEP URL for the specific certificate profile.
Opmerking
The format of the SCEP URL that is consumed by the targeted device platforms varies.
The following table describes the form of the SCEP URL to be used by Intune supported device platforms:
Device platform | DigiCert SCEP service endpoint URL format | Example |
---|---|---|
iOS/iPadOS Android macOS | Use the default SCEP service endpoint as displayed in the DigiCert Certificate Profile https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin/pkiclient.exe | https://one.digicert.com/mpki/api/v1/scep/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/cgi-bin/pkiclient.exe |
Windows (User Store) |
https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin | https://one.digicert.com/mpki/api/v1/scep/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/cgi-bin |
Windows (Computer Store) |
https://<HOST>/mpki/api/v1/scep/<UUID>/cgi-bin | http://one.digicert.com/mpki/api/v1/scep/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/cgi-bin or https://one.digicert.com/mpki/api/v1/scep/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/cgi-bin |
More information specific to the DigiCert® Trust Lifecycle Manager use case can be found in the following sections and should be used in conjunction with the Microsoft documentation: Use SCEP certificate profiles with Microsoft Intune | Microsoft Docs.
The general workflow for creating an Intune Device configuration profile consists of the following sections:
Basics
Configuration settings
Assignments
Applicability Rules (Applies to Windows 10/11 only)
The following sections in this guide focus on the Configuration settings which determine the certificate details in conjunction with the corresponding certificate profile.
For other non-certificate related aspects, please refer to the Microsoft documentation.