Oct 23 2020 01:47 AM
Hi,
How to force a new PKCS certificate request, with Endpoint Manager (Intune) managed devices, resulting in the old certificate being removed and a new certificate being issued?
We use PKCS certificates for an Always On VPN connection for end users. These are user-based certificates, which are configured with a configuration profile in Endpoint Manager to be requested from an on-premises PKI infrastructure.
https://docs.microsoft.com/en-us/mem/intune/protect/remove-certificates?WT.mc_id=email
This article states the following:
A PKCS certificate is revoked and removed when:
A user unenrolls.
An administrator runs the wipe action.
An administrator runs the retire action.
Now I find a device wipe very cumbersome, to only get a new user certificate on the device. Is there any other way to get this done, without a device wipe?
This topic is also raised in the uservoice of Microsoft, in 2018, but without any solution provided.
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/36157906-re-deploy-certificate...
Regards,
Rik Pasman
Mar 26 2021 10:12 AM
Apr 18 2023 07:19 PM
Sep 21 2023 07:33 AM
@JF9928, I tried your suggestion with no success.
I don't know how certutil can trigger an Intune policy reapply...
Do you have more information about this?