Forum Discussion
Peter Holland
Dec 20, 2022, Iron Contributor
Intune Certificate Connector and OID 1.3.6.1.4.1.311.25.2
Hi, way back in May, when update KB5014754 broke cert auth for so many orgs, it was identified that, whilst RPC auto-enrolled certificates will get the new required OID, the Intune certificate connector...
Cristian_Turcu_
Apr 20, 2023, Copper Contributor
Just found this: https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/preview-of-san-uri-for-certificate-strong-mapping-for-kb5014754/ba-p/3789785
Peter Holland
Apr 20, 2023, Iron Contributor
Good find.
Hopefully it trickles down.
Slight concern that it states a preview build of Windows Server is needed. Hopefully it won't end up needing a CA upgrade to work!
Cristian_Turcu_
Nov 15, 2023, Copper Contributor
Just updated the Intune PKCS certificate configuration to add the SAN attribute UPN with value {{UserPrincipalName}} and, bang, authentication works. It seems that KB5014754 adds the requirement to have a SAN attribute that contains the UPN in the certificate, but I didn't find any reference for this. This will work until full enforcement is in place on February 11, 2025. Still waiting for a solution to provide strong certificates to users via Intune.
SebCerazy
May 16, 2024, Iron Contributor
But one cannot (obviously) add CN={{UserPrincipalName}} to a DEVICE certificate (and that is what I use for WiFi RADIUS authentication).
AndyDotPhillips
Jul 02, 2024, Copper Contributor
For DEVICE/machine-based RADIUS, I believe that the FQDN is what is required in the SAN, and I also use the FQDN for the CN. I have never gotten AD-based auth to work with the device certificate, so I rely on the CRL for authorization.
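One way to audit which issued certificates actually carry the OID this thread is about, and which only have a UPN in the SAN, before the enforcement date. This is an added PowerShell example, not code from the thread or from Microsoft; it assumes Windows PowerShell on a Windows machine and the LocalMachine\My store (change the path to Cert:\CurrentUser\My for user certificates).

```powershell
# Added example: report, for each client-authentication certificate in the store,
# whether it has the KB5014754 SID extension (OID 1.3.6.1.4.1.311.25.2) and
# whether its subjectAltName contains a UPN. Store path is an assumption.
$SidExtensionOid = '1.3.6.1.4.1.311.25.2'   # szOID_NTDS_CA_SECURITY_EXT (SID extension)
$SanOid          = '2.5.29.17'              # subjectAltName
$ClientAuthEku   = '1.3.6.1.5.5.7.3.2'      # id-kp-clientAuth

function Test-CertificateMapping {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $hasSidExt = [bool]($Certificate.Extensions | Where-Object { $_.Oid.Value -eq $SidExtensionOid })

    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $upn = $null
    if ($san) {
        # On Windows, Format() renders the UPN otherName as "Other Name:Principal Name=user@domain"
        $match = [regex]::Match($san.Format($true), 'Principal Name=(\S+)')
        if ($match.Success) { $upn = $match.Groups[1].Value }
    }

    [pscustomobject]@{
        Subject        = $Certificate.Subject
        Thumbprint     = $Certificate.Thumbprint
        NotAfter       = $Certificate.NotAfter
        HasSidExt      = $hasSidExt
        SanUpn         = $upn
        # Without the SID extension the cert has no strong mapping of its own and
        # depends on the account's altSecurityIdentities, or is treated as weakly mapped
        NeedsAttention = -not $hasSidExt
    }
}

# Only certificates usable for client authentication (or with no EKU restriction) matter here
Get-ChildItem -Path 'Cert:\LocalMachine\My' |
    Where-Object {
        $eku = $_.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        (-not $eku) -or ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthEku })
    } |
    ForEach-Object { Test-CertificateMapping -Certificate $_ } |
    Format-Table Subject, HasSidExt, SanUpn, NeedsAttention, NotAfter -AutoSize
```

Rows with NeedsAttention set to True are the certificates to re-issue or map explicitly before enforcement.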