How to import pfx cert in intune using microsoft graph api

Question

Hello,

I am trying to import a pfx certificate generate by a public ca to Intune using the graph api. I found "Create userPFXCertificate" path to create the pfx certificate as mentioned in the below link but i am not able to get this path in graph explorer.

https://learn.microsoft.com/en-us/graph/api/intune-raimportcerts-userpfxcertificate-create?view=graph-rest-beta

I have 2 questions -

1. Is this the correct way of creating a pfx cert (generated from a public CA) in intune? or is there a better way of doing this. I know a cert connector can be installed but based on my understanding the cert connector is mainly for a private on-prem ca setup (please, correct me if i am wrong).
2. Why "userPFXCertificate" is not showing up for me in graph explorer?

Answer 1

@NM, Thanks for posting in Q&A. From your description, it seems you want to import a pfx certificate generated by third party CA. If there's any misunderstanding, feel free to let us know.

Based as I know, only some partner like DigiCert, EverTrust and KeyTalk provide supported methods or tools to import PFX certificates to Intune. Here is a link with more details:

https://learn.microsoft.com/en-us/mem/intune/protect/certificates-imported-pfx-configure#support-for-third-party-partners

Please confirm if we are in the supported list.

For the query in Graph Explorer, it seems you are listing the userPFXCertificates. You can try the URL in the following link to check:

https://learn.microsoft.com/en-us/graph/api/intune-raimportcerts-userpfxcertificate-list?view=graph-rest-beta

Hope the above information can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.