Redeploy PKCS certificate to Intune managed device


Hi,

How to force a new PKCS certificate request, with Endpoint Manager (Intune) managed devices, resulting in the old certificate being removed and a new certificate being issued?

We use PKCS certificates for an Always On VPN connection for end users. These are user-based certificates which are configured with a configuration profile in Endpoint Manager, to be requested at an on-premise PKI infrastructure.

https://docs.microsoft.com/en-us/mem/intune/protect/remove-certificates?WT.mc_id=email
This article states the following:
   A PKCS certificate is revoked and removed when:
      A user unenrolls.
      An administrator runs the wipe action.
      An administrator runs the retire action.

Now I find a device wipe very cumbersome, to only get a new user certificate on the device. Is there any other way to get this done, without a device wipe?

This topic is also raised in the uservoice of Microsoft, in 2018, but without any solution provided.
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/36157906-re-deploy-certificate...

Regards, 

Rik Pasman

0 Replies