CA Gateway can issue digital certificates for one or more Certification Authorities (CAs). Each of these CAs is called a Managed CA.
For each Managed CA in CA Gateway that will issue certificates, you must add the Managed CA to Microsoft Intune as a trusted third-party CA. To add a trusted CA to Microsoft Intune, you must create a trusted certificate profile in Microsoft Intune. When creating a trusted certificate profile, you will import the CA certificate of the Managed CA.
If the CA is an intermediate CA (also called a subordinate CA) and not the root CA, you must add each CA certificate in the certificate chain as a trusted third-party CA.
Each Managed CA will also act as a root of trust for one or more SCEP certificate profiles (see Configuring SCEP certificate profiles).
To add a CA to Microsoft Intune as a trusted third-party CA
- Obtain the CA certificate of the Managed CA.
If the Managed CA is an intermediate CA (also called a subordinate CA) and not the root CA, you must add each CA certificate in the certificate chain as a trusted third-party CA.
- Log in to Intune.
- Click Devices.
- Click Configuration profile.
- Click Create Profile.
The Create profile page appears.
- For Platform, select a device platform that will use the trusted certificate.
- For Profile type, select Trusted certificate.
- For Name, enter a unique name to identify the trusted certificate profile.
- For Description, enter a description for the trusted certificate profile.
- In the Trusted certificate pane, select the CA certificate you obtained earlier, then click OK.
- Click Create to create the certificate profile.
- Click Assignments.
- For Include, select the Azure Active Directory groups you want to include with the certificate profile.
- For Exclude, select the Azure Active Directory groups you want to exclude from the certificate profile.
- Click Save.
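When the Managed CA is an intermediate CA, every certificate in its chain needs its own trusted certificate profile. The script below is an added example, not part of the CA Gateway or Intune documentation. It splits a PEM chain bundle into one file per certificate, prints a SHA-256 fingerprint for each so it can be compared with the value published by the CA operator, and reports any certificate whose issuer is missing from the bundle. The output file names (`managed-ca-N.cer`), the PEM bundle input, and DER as the output encoding are assumptions.

```python
import base64, hashlib, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw issuer and subject Name bytes of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)            # [0] version, or serialNumber in v1
    if tag == 0xA0:
        _, _, end = _tlv(der, end)          # serialNumber
    _, _, pos = _tlv(der, end)              # signature AlgorithmIdentifier
    _, i0, i1 = _tlv(der, pos)              # issuer Name
    _, _, pos = _tlv(der, i1)               # validity
    _, s0, s1 = _tlv(der, pos)              # subject Name
    return der[i0:i1], der[s0:s1]

def split_chain(pem_text):
    """Return one record per certificate found in a PEM bundle."""
    records = []
    for m in PEM_RE.finditer(pem_text):
        der = base64.b64decode("".join(m.group(1).split()))
        issuer, subject = issuer_and_subject(der)
        # Name comparison only: signatures are not verified here.
        records.append({"der": der, "sha256": hashlib.sha256(der).hexdigest(),
                        "issuer": issuer, "subject": subject,
                        "self_issued": issuer == subject})
    return records

def missing_issuers(records):
    """Indexes of certificates whose issuer is not in the bundle (incomplete chain)."""
    subjects = {r["subject"] for r in records}
    return [i for i, r in enumerate(records) if r["issuer"] not in subjects]

if __name__ == "__main__":
    records = split_chain(open(sys.argv[1]).read())
    for n, r in enumerate(records):
        with open(f"managed-ca-{n}.cer", "wb") as fh:   # hypothetical file name
            fh.write(r["der"])
        role = "root (self-issued)" if r["self_issued"] else "not self-issued"
        print(f"managed-ca-{n}.cer  {role}  sha256={r['sha256']}")
    for n in missing_issuers(records):
        print(f"managed-ca-{n}.cer: issuer certificate is not in the bundle")
```

A certificate flagged as missing its issuer means at least one more CA certificate must be obtained and added as a trusted third-party CA.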