This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am trying to follow this article to setup the Intune Cert Connector.
What does this mean?
I follow the link to the article.
https://video2.skills-academy.com/en-us/mem/intune/protect/certificates-imported-pfx-configure#import-pfx-certificates
It talks about PFX import. Do I need PFX import for Certificate Connector? I thought the point of Cert Connector was to Issue certs.
This isn't clear to me at all what I need to do at this step.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@ComputerHabit, Thanks for posting in Q&A. In fact, Certificate Connector will be used when we deploy SCEP, PKCS certificate via Intune. It also be used when we import PFX certificate to Intune. Based on my understanding, the permission is used when we want to import PFX Certificates to Intune.
If we only want to deploy SCEP certificate, the permission is not required.
https://video2.skills-academy.com/en-us/mem/intune/protect/certificates-scep-configure
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
This thingy is pain in the ass, excuse my french. Have you considered to go with Cloud PKI which is part of Intune Suite? It will cost you like 2-3e/user/month.
https://video2.skills-academy.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview
It was a difficult read. I do have it working.
After I read the choose your own adventure of documentation, I understand that there are three types of deployments of certs. PKCS (templates from certsrv), SCEP (still not sure what for) and PFX distribution (I guess to deploy same cert to lots of users.)
The docs just drive me nuts because they mention ensuring something is in place but it can't be in place because you're setting it up.
It might have been less confusing to not include that line at all.
@ComputerHabit, Thanks for the reply. PKCS certificates are used to issue private and public key pairs for authentication and email signing and encryption using S/MIME. PKCS imported certificates are PFX files that are imported to Intune and deployed to devices. SCEP certificates are used to authenticate connections to apps and corporate resources and use the Simple Certificate Enrollment Protocol. You can use Intune SCEP certificate profiles (a type of device profile in Intune) to deploy the certificates to your devices or users. Could you let us know which kind of certificate you want to deploy via Intune?
For your feedback of the docs, I understand your feeling. I will try to feedback.