

Your VPN vendor may have other requirements for per-app VPN, such as specific hardware or licensing. Be sure to check with their documentation, and meet those prerequisites before setting up per-app VPN in Intune.

To prove its identity, the VPN server presents a certificate that the device must accept without a prompt. To make the device accept that certificate automatically, create a trusted certificate profile. This trusted certificate profile must include the VPN server's root certificate issued by the Certification Authority (CA).

On your VPN server:

1. Open the administration console.
2. Confirm that your VPN server uses certificate-based authentication.
3. Export the trusted root certificate file. It has a .cer extension, and you add it when creating a trusted certificate profile.
4. Add the name of the CA that issues the client authentication certificates to the VPN server's Trusted CA list. If the CA that issued the certificate presented by the device matches a CA in the Trusted CA list on the VPN server, the VPN server authenticates the device.

Create or choose an existing group in Azure Active Directory (Azure AD). This group must include the users or devices that will use per-app VPN. To create a new group, see Add groups to organize users and devices.

Create a trusted certificate profile

Import the VPN server's root certificate issued by the CA into a profile created in Intune. The trusted certificate profile instructs the iOS/iPadOS device to automatically trust the CA that the VPN server presents.

1. Sign in to the Microsoft Endpoint Manager admin center.
2. Select Devices > Configuration profiles > Create profile.
3. In Basics, enter the following properties:
   - Name: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is iOS/iPadOS trusted certificate VPN profile for entire company.
   - Description: Enter a description for the profile. This setting is optional, but recommended.
4. In Configuration settings, select the folder icon, and browse to the VPN certificate (.cer file) that you exported from your VPN administration console.
5. Select Next, and continue creating your profile. For more information, see Create a VPN profile.

Create a SCEP or PKCS certificate profile

The trusted root certificate profile allows the device to automatically trust the VPN server. The SCEP or PKCS certificate provides credentials from the iOS/iPadOS VPN client to the VPN server. The certificate allows the device to silently authenticate without prompting for a username and password.

To configure and assign the client authentication certificate, see one of the following articles:
- Configure infrastructure to support SCEP with Intune
- Configure and manage PKCS certificates with Intune

Be sure to configure the certificate for client authentication. You can set client authentication directly in SCEP certificate profiles (Extended key usage list > Client authentication). For PKCS, set client authentication in the certificate template in the certificate authority (CA).
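The procedure above depends on two certificates being right: the exported root must really be a self-signed CA certificate, and the SCEP/PKCS device certificate must carry the Client Authentication EKU and chain to a CA on the VPN server's Trusted CA list. The following POSIX shell script is an added example, not part of this article and not Microsoft's or any VPN vendor's tooling, that checks all three with the openssl CLI. It assumes openssl 1.1.1 or later on PATH; the Contoso/Fabrikam CA names, the device subjects and all file paths are placeholders, and the demo certificates it generates are constructed for the example only.

```shell
#!/bin/sh
# Added example (not from the Intune article). Checks the certificates behind
# per-app VPN certificate authentication with the openssl CLI (assumed on PATH):
#   1. the exported VPN root (.cer) is a self-signed CA certificate,
#   2. the device certificate carries EKU id-kp-clientAuth (1.3.6.1.5.5.7.3.2),
#   3. the device certificate verifies against that root for the client-auth
#      purpose, which is what the VPN server's Trusted CA list check amounts to.
# All names and paths below are placeholders; the demo certs are constructed.
set -eu

# Print a certificate as PEM whether the exported .cer is PEM or DER encoded
# (Windows consoles commonly export DER).
as_pem() {
    openssl x509 -in "$1" 2>/dev/null || openssl x509 -in "$1" -inform DER
}

# Root for the trusted certificate profile: BasicConstraints CA:TRUE and
# issuer equal to subject (self-signed).
is_trusted_root() {
    as_pem "$1" | openssl x509 -noout -text | grep -q 'CA:TRUE' || return 1
    subj=$(as_pem "$1" | openssl x509 -noout -subject)
    iss=$(as_pem "$1" | openssl x509 -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# Device certificate must carry the Client Authentication EKU, which openssl
# prints as "TLS Web Client Authentication".
has_client_auth_eku() {
    as_pem "$1" | openssl x509 -noout -text | grep -q 'TLS Web Client Authentication'
}

# Model the VPN server's decision: does device cert $1 verify against trusted
# CA file $2 for the sslclient purpose?
server_would_accept() {
    leaf=$(mktemp); ca=$(mktemp)
    as_pem "$1" > "$leaf"; as_pem "$2" > "$ca"
    if openssl verify -CAfile "$ca" -purpose sslclient "$leaf" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$leaf" "$ca"
    return $rc
}

# Run all three checks on <root> <device cert>; returns nonzero on any failure.
check_vpn_certs() {
    root="$1"; dev="$2"; fails=0
    is_trusted_root "$root"          && echo "PASS: root is a self-signed CA"       || { echo "FAIL: root is not a self-signed CA"; fails=$((fails+1)); }
    has_client_auth_eku "$dev"       && echo "PASS: device cert has clientAuth EKU" || { echo "FAIL: device cert lacks clientAuth EKU"; fails=$((fails+1)); }
    server_would_accept "$dev" "$root" && echo "PASS: device cert chains to root"   || { echo "FAIL: device cert does not chain to root"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ]
}

# Issue a leaf certificate: issue <dir> <name> <ca name> <extension section> <subject>
issue() {
    openssl req -new -key "$1/$2.key" -out "$1/$2.csr" -subj "$5" -config "$1/req.cnf" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" -CAcreateserial \
        -out "$1/$2.pem" -days 30 -extfile "$1/req.cnf" -extensions "$4" 2>/dev/null
}

# Build constructed demo certificates in <dir>: a Contoso root, a device cert it
# issued with clientAuth, one it issued without any EKU, and one from an
# unrelated Fabrikam root (which the VPN server must reject).
make_demo_certs() {
    d="$1"
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_client]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
[v3_noeku]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
EOF
    for n in ca other-ca client client-noeku client-other; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$d/$n.key" 2>/dev/null
    done
    openssl req -x509 -new -key "$d/ca.key" -out "$d/ca.pem" -days 30 \
        -subj "/CN=Contoso VPN Root CA" -config "$d/req.cnf" -extensions v3_ca 2>/dev/null
    openssl req -x509 -new -key "$d/other-ca.key" -out "$d/other-ca.pem" -days 30 \
        -subj "/CN=Fabrikam Root CA" -config "$d/req.cnf" -extensions v3_ca 2>/dev/null
    issue "$d" client       ca       v3_client "/CN=device-001"
    issue "$d" client-noeku ca       v3_noeku  "/CN=device-002"
    issue "$d" client-other other-ca v3_client "/CN=device-003"
}

if [ "${1:-}" = "--demo" ]; then          # ./vpncerts.sh --demo
    d=$(mktemp -d); make_demo_certs "$d"
    check_vpn_certs "$d/ca.pem" "$d/client.pem"
elif [ "$#" -eq 2 ]; then                  # ./vpncerts.sh vpn-root.cer device.cer
    check_vpn_certs "$1" "$2"
fi
```

Run it with `--demo` to see the checks against the constructed certificates, or pass the root .cer exported from the VPN console and a certificate issued from the same CA template that the SCEP or PKCS profile uses. A certificate issued without the Client Authentication EKU still verifies under `openssl verify`, which is why the EKU check is separate: many VPN servers require the EKU even though chain validation alone does not.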
