Trusted certificate profile in Intune Stuck at Pending
We need to deploy our Root CA and subordinate issuing CA Certificates to our Intune managed AAD only devices to support SCEP. We created a trusted certificate profile in Intune to provision these certs but however comma this profile is stuck at pending... How do I troubleshoot what is going on? Microsoft how have I failed you 😞 Intune supports use of the Simple Certificate Enrollment Protocol (SCEP) to https://learn.microsoft.com/en-us/mem/intune/protect/certificates-configure. SCEP uses the Certification Authority (CA) certificate to secure the message exchange for the Certificate Signing Request (CSR). When your infrastructure supports SCEP, you can use Intune SCEP certificate profiles (a type of device profile in Intune) to deploy the certificates to your devices. https://learn.microsoft.com/en-us/mem/intune/protect/certificates-scep-configure#certificates-and-templates To use a SCEP certificate profile, devices must trust your Trusted Root Certification Authority (CA). Use a trusted certificate profile in Intune to provision the Trusted Root CA certificate to users and devices.Deploy a cert
Dear community members, We are using Intune to deliver a couple of certs to the mobile devices. We did both Root and Intermediate certs using Device Configuration Profile with Trusted Cert option, which worked on both iOS and Android. Then it comes to an application cert, with .cer extension. It is a certificate that required by an app on the mobiles (which is also published by Intune) that uses to authenticate with its cloud service. We need to get this certificate on to the mobile phones. The certificate name started with a wildcard *.xxx.mycompanydomain, with multiple URLs inside the cert. At first, we didn't know which options should be used, whether it is Trusted Cert, PKCS, Imported PKCS, SCEP, etc. So we started to deploy this app cert using Trusted Certificate option. The certificate installed on the iOS but it didn't install on the Android. And we tried both Android Enterprise with Work Profile and the fully managed Android, neither worked. Then we looked at the other cert option, such as PKCS and SCEP. They require complex infrastructure set up and doesn't look like it's the right option to go, given we only deploying this static app cert, which is same for every single device. It feels like the same deal as the root cert, just need to be present on the mobiles. Does anyone have similar experience? Is there anything we are doing wrong deploying the cert to the Android device? Does the name of the cert that started with a Wildcard matters? Thanks all.
