This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 57.99999999999999%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Hi,
Is anyone aware of documentation regarding deploying PFX certificates using Endpoint Configuration Manager?
I have been able to create a deploy the Trusted Root cert and the Intermediate certs profiles with no problem.
For the life of me I can't get PFX certificates to work and I can't find a single bit of information regarding preparing the CA for doing this. All I can find are outdated documents on creating SCEP certs using NDES. Even the documents I've found on how to add the Certificate Registration Point role is outdated. It just talks about added the web info for NDES etc. with no option for using PFX.
Any help is appreciated.
Thanks!
Are you trying to issue and deploy individual, unique certs using ConfigMgr? If so, there is no way to do this (outside of SCEP/NDES). You either need to continue using group policy (if the devices are on-prem domain joined and have internal connectivity) or use Intune and the Intune (PFX) connector.
If that is the case then why connect it to your CA and why do you get an option for which certificate template to choose?
I guess I'm just confused as to what is the point of even having the option then?
That's for using SCEP/NDES as noted.
A quick Bing and sure enough, it's in the docs that it can be done. I literally don't know anyone who has ever used this feature. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/introduction-to-certificate-profiles#requirements
It must be really new.
I have found that doc and the only thing it talks about is create SCEP certificates and NDES. Nothing about pfx. It says you can do it but doesn't say how.