Forum Discussion
end device not receiving signed cert from Intune services
Intune Gurus,
I got a fresh deployment 2 days ago for a PKCS cert, and I'm having 1 issue:
the issued certificate isn't showing in the end device MMC (user cert). HOWEVER,
- logs (Event Viewer) in CertConnector show that the cert has been issued successfully
- my Intermediate CA shows the user cert issued under "issued certs"
- in Intune, under the configuration profile used to issue the cert, I can see the signed certificate issued and logged right there (thumbprints and all other params are accurate)
Looks like the issue is all about Intune not pushing that cert back to the user. What could be the issue? Is it a matter of time, or sync period?
Thanks,
- LeonPavesic, Silver Contributor
Hi Airsail,
There can be a few possible reasons why Intune is not (or might not be) pushing the signed certificate back to the end device:
- The device is not enrolled in Intune. In order to receive certificates from Intune, the device must be enrolled in Intune.
- The device is not compliant with the certificate profile. If the device is not compliant with the certificate profile, Intune will not push the certificate to the device.
- There is a problem with the certificate profile. If there is a problem with the certificate profile, Intune will not be able to push the certificate to the device.
- There is a problem with the Intune service. If there is a problem with the Intune service, it may not be able to push the certificate to the device.
To troubleshoot the issue, you can try the following:
- Make sure that the device is enrolled in Intune and compliant with the certificate profile.
- Review the certificate profile to make sure that it is configured correctly.
- Check the Intune service health to make sure that there are no problems.
Here are some additional links that may be helpful:
- Troubleshoot PKCS certificate deployment in Intune: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/certificates/troubleshoot-pkcs-certificate-profiles
- end device not receiving signed cert from Intune services: https://techcommunity.microsoft.com/t5/microsoft-intune/end-device-not-receiving-signed-cert-from-intune-services/td-p/3935224
- Create trusted certificate profiles in Microsoft Intune: https://learn.microsoft.com/en-us/mem/intune/protect/certificates-trusted-root
It can take some time for certificates to be pushed to end devices. The sync period for certificates is typically 8 hours, but it can take longer depending on the number of devices in your environment.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
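
A device-side check for the symptom described in this thread, as an added example that is not part of either post: it looks for the thumbprint reported in the Intune profile in the certificate stores and, if it is missing, lists recent warnings and errors from the Windows MDM client log. The function name `Find-IntuneIssuedCert` is hypothetical, the thumbprint is a placeholder to be copied from the Intune report, and checking the machine store as well as the user store is an assumption (it covers a profile issued as a device certificate, which the thread does not state).

```powershell
# Added example (not from the thread). Run it in the affected user's own session,
# because Cert:\CurrentUser\My is the store of the account running PowerShell.
function Find-IntuneIssuedCert {
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint,          # value shown for the issued cert in Intune
        [int]$LookbackDays = 2        # how far back to read the MDM client log
    )

    # Values copied from a portal can carry spaces or hidden characters; keep hex only.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # User store first (what the MMC user snap-in shows), then the machine store.
    $stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
    $found = foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $tp } |
            Select-Object @{ n = 'Store'; e = { $store } },
                          Subject, Issuer, NotBefore, NotAfter, HasPrivateKey
    }

    if ($found) {
        # HasPrivateKey = False means the certificate arrived without its key.
        return $found
    }

    Write-Warning "Thumbprint $tp not found in: $($stores -join ', ')"

    # Recent errors (level 2) and warnings (level 3) logged by the MDM client,
    # which is where a failed certificate delivery on the device would surface.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        Level     = 2, 3
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Placeholder thumbprint; replace with the one from the Intune profile report.
Find-IntuneIssuedCert -Thumbprint '<THUMBPRINT-FROM-INTUNE>' | Format-List
```

If the certificate appears only under `Cert:\LocalMachine\My`, it was delivered to the machine store and will not show in the user certificate snap-in.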