Are you trying to issue and deploy individual, unique certs using ConfigMgr? If so, there is no way to do this (outside of SCEP/NDES). You either need to continue using group policy (if the devices are on-prem domain joined and have internal connectivity) or use Intune and the Intune (PFX) connector.
Steps to prepare PFX certificate deployment with Configuration Manager
Hi,
Is anyone aware of documentation regarding deploying PFX certificates using Endpoint Configuration Manager?
I have been able to create a deploy the Trusted Root cert and the Intermediate certs profiles with no problem.
For the life of me I can't get PFX certificates to work and I can't find a single bit of information regarding preparing the CA for doing this. All I can find are outdated documents on creating SCEP certs using NDES. Even the documents I've found on how to add the Certificate Registration Point role is outdated. It just talks about added the web info for NDES etc. with no option for using PFX.
Any help is appreciated.
Thanks!
4 answers
Sort by: Most helpful
-
Jason Sandys 31,186 Reputation points Microsoft Employee
2020-09-10T18:21:39.11+00:00 -
Munoz, James P 1 Reputation point
2020-09-10T18:24:28.237+00:00 If that is the case then why connect it to your CA and why do you get an option for which certificate template to choose?
I guess I'm just confused as to what is the point of even having the option then? -
John Marcum - MVP 6 Reputation points
2020-09-10T19:31:30.873+00:00 A quick Bing and sure enough, it's in the docs that it can be done. I literally don't know anyone who has ever used this feature. https://video2.skills-academy.com/en-us/mem/configmgr/protect/deploy-use/introduction-to-certificate-profiles#requirements
-
Munoz, James P 1 Reputation point
2020-09-11T17:29:08.313+00:00 It must be really new.
I have found that doc and the only thing it talks about is create SCEP certificates and NDES. Nothing about pfx. It says you can do it but doesn't say how.