Root certificate configuration (Windows policy)
With the Root certificate configuration, you upload a root certificate to a policy. When you assign the policy to a device, the certificate gets installed.
You can upload X.509 certificate files in Privacy-Enhanced Mail (PEM) and Distinguished Encoding Rules (DER) encoding.
Commonly used file extensions are:
- PEM encoding:
.cer
,.crt
,.pem
- DER encoding:
.cer
,.der
After you add a Root certificate configuration to a policy, you can use it in other configurations of the same policy, for example, as Simple Certificate Enrollment Protocol (SCEP) server certificate in a SCEP configuration.
Upload certificate
For a general description of adding configurations to a policy, see Create policy.
To upload a root certificate to a policy, do as follows:
- On the policy’s Edit policy page, click Add configuration > Root certificate.
- Click Upload a file.
-
Select a file containing a certificate in X.509 format and click Open.
Tip: Instead of using Upload a file, you can drag the certificate file from File Explorer and drop it anywhere in the File area.
-
After the file is uploaded, the Certificate name field shows the certificate issuer’s Distinguished Name (DN) information.
-
Click Apply to save the configuration.
- On the Edit policy page, click Save.
To upload more root certificates, add a Root certificate configuration for each certificate to the policy.