Trusted Secure CA deployment system center configuration manager

Balbo 1 Reputation point
2021-03-16T16:29:49.957+00:00

Hello everybody,
can you tell me how to deploy a Trusted Secure CA 5 using System Center Configuation Manager please.I know how to deploy an application but i don't know oh to deploy a "file.crt" using SCCM.
Thank you for your help.
regards,
Balbo

Microsoft Configuration Manager Application
Microsoft Configuration Manager Application
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Application: A computer program designed to carry out a specific task other than one relating to the operation of the computer itself, typically to be used by end users.
472 questions
Microsoft Configuration Manager
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. SunnyNiu-MSFT 1,696 Reputation points
    2021-03-17T07:11:52.86+00:00

    @Balbo
    Here is an answer to your question that hopefully you find helpful!
    In my lab, I did the following experiment to deploy a "file.crt" using SCCM for a reference:
    The deployment of Certificate Profiles always consist out of two parts, deploying a root certificate followed by deploying a client certificate.
    Part 1 – Root Certificate
    In the Configuration Manager Console> Assets and Compliance > Overview > Compliance Settings > Company Resource Access > Certificate Profiles.
    Right-click Certificate Profiles, in the Create group, click Create Certificate Profile and the Create Certificate Profile Wizard will popup.
    On the General page, fill in with Name<Trusted Secure CA>, select Trusted CA certificate and click Next. Like below screenshot:
    78651-1.png

    On the Trusted CA Certificate page, browse (by clicking on Import) to the exported root certificate, select Computer certificate store – Root and click Next. Like below screenshot:
    78652-2.png

    On the Supported Platforms page, select Windows 10 and click Next. Like below screenshot:
    78558-3.png

    On the Summary page click Next. On the Completion page click Close.

    Now the configuration is created it’s time for the deployment. An important step of this deployment is the remediation. So to deploy and remediate the Certificate Profile follow the next steps:
    In the Configuration Manager Console> Assets and Compliance > Overview > Compliance Settings > Company Resource Access > Certificate Profiles.
    Select the new item <Trusted Secure CA> and on the Home tab, in the Deployment group, click Deploy and the Deploy Trusted CA Certificate Profile popup will show.
    On the Deploy Trusted CA Certificate Profile popup, browse to a device collection and click Ok. Like below screenshot:
    78605-4.png

    Part 2 – Client Certificate
    After the Certificate Profile for the root certificate is deployed, it’s time to start with the configuration and deployment of a Certificate Profile for the client certificate. It’s important to note that a root certificate has to be deployed to enable a successful client certificate deployment. Also a Certificate Profile for the deployment of the root certificate is a prerequisite for a Certificate Profile for the deployment of a client certificate:
    In the Configuration Manager Console> Assets and Compliance > Overview > Compliance Settings > Company Resource Access > Certificate Profiles.
    Right-click Certificate Profiles, in the Create group, click Create Certificate Profile and the Create Certificate Profile Wizard will popup.
    On the General page, fill in with Name <ConfigurationManagerClientCertificate>, select Simple Certificate Enrollment Protocol (SCEP) settings and click Next. Like below screenshot:
    78615-5.png

    On the SCEP Enrollment page, select Install to Trusted Platform (TPM) if present, then select Allow certificate enrollment on any device and click Next. Like below screenshot:
    78645-6.png

    On the Certificate Properties page select with Certificate template name <ConfigurationManagerClientCertificate>, select with Root CA certificate the previously created Certificate Profile and click Next(All the other settings will be filled automatically, but are customizable, based on the selected template, but Read rights on the selected template are necessary for the user.). Like below screenshot:
    78606-7.png

    On the Supported Platforms page, select Windows 10 and click Next. On the Summary page click Next. On the Completion page click Close.

    Now the configuration is created it’s again time for the deployment. And again an important step of this deployment is the remediation. So to deploy and remediate the Certificate Profile follow the next steps:
    In the Configuration Manager Console> Assets and Compliance > Overview > Compliance Settings > Company Resource Access > Certificate Profiles.
    Select the new item <ConfigurationManagerClientCertificate> and on the Home tab, in the Deployment group, click Deploy and the Deploy Trusted CA Certificate Profile popup will show.
    On the Deploy Trusted CA Certificate Profile popup, browse to a device collection and click Ok.

    The success or failures of this process could be followed in a new log file named CertEnrollAgent.log.
    Another good place to look is a MMC with the Certificates snap-in, on the enrolled device. This will immediately show whether, or not the the Certificate Profile provided a successful enrollment of the a certificate.


    If the response is helpful, please click "Accept Answer"and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.