Client Certificate configuration (Windows policy)

With the Client certificate configuration you install a client certificate onto Windows computers.

Setting

Description

File

The certificate you want to install.

You can upload PEM and PKCS #12 certificates.

Click Upload a file and then navigate to the file that contains the certificate.

Tip Alternatively, drag the file from File Explorer to the Upload a file area.

Certificate name

After you’ve uploaded the certificate file, this field shows the subject value of the certificate.

Target store

The certificate store where the certificate is installed:

User: The certificate is available to the user enrolled with Sophos Mobile.

Device: The certificate is available to all users on the computer.

Key location

The location where the private key of the certificate is stored:

Software: The key is stored in a software-based key store.

TPM or software: The key is stored in TPM if it's available. Otherwise the key is stored in a software-based key store.

TPM: The key is stored in the Trusted Platform Module (TPM) hardware chip. If the computer doesn’t have a TPM chip or if TPM is turned off in the BIOS, the certificate is not installed.

Windows Hello for Business: The key is stored in a Windows Hello for Business container.

Key is exportable

Users can also export the private key when they export the certificate.

Container name

The name of the Windows Hello for Business container where the private key of the certificate is stored.