Skyhigh Security

Create PKCS, Root CA, and Customer Root Certificate using Intune (MDM)

To configure the Skyhigh Client app using MDM, you must deploy the required certificates and policies from Intune to the managed device. Follow the steps below to create and push the certificates:

  1. Create Root CA Certificate as a Trusted Certificate
  2. Create PKCS Certificate
  3. Create Customer Root CA Certificate

Create Root CA Certificate as a Trusted Certificate

NOTE: Generate and download the Root CA certificate from Active Directory, and then upload the certificate (generated from AD or the XEA tool) to the customer tenant in the SSE Web.

To upload the Root CA to Intune and deploy it to the device:

  1. In Microsoft Intune, go to Device > Android > Configuration.
  2. Under Policies, click Create and select New Policy.

    The Create a profile panel opens.
  3. On the Create a profile panel, configure the following:
    • Platform. Select Android Enterprise as the platform for the profile. 
    • Profile type. Select Templates as the profile type, and select Trusted certificate as the Template name.
    • Click Create.

      The Trusted certificate window opens.
  4. Under the Basics tab, enter a Name and Description, and click Next.

  5. Under the Configuration settings tab, select the root CA downloaded from AD in the certificate file section and click Next.

  6. Under the Assignments tab, add the required device or user group in the Included groups setting and click Next.

  7. Under the Review + create tab, review the trusted certificate summary and click Create.

    A trusted certificate is created and automatically pushed to the assigned device.

Create PKCS Certificate

To create a PKCS certificate and deploy it to the device: 

  1. In Microsoft Intune, go to Device > Android > Configuration.
  2. Under Policies, click Create and select New Policy.

    The Create a profile panel opens.
  3. On the Create a profile panel, configure the following:
    • Platform. Select Android Enterprise as the platform for the profile. 
    • Profile type. Select Templates as the profile type, and select PKCS certificate as the Template name.
    • Click Create.

      The PKCS certificate window opens.
  4. Under the Basics tab, enter a Name and Description, and click Next.

  5. Under the Configuration settings tab, enter the details from Active Directory and upload the server Root Certificate.

  6. Under the Assignments tab, add the required device or user group in the Included groups setting and click Next.

  7. Under the Review + create tab, review the PKCS certificate summary and click Create.

    A PKCS trusted certificate is created and automatically pushed to the assigned device.
     
Create the Customer Root CA Certificate

To create the customer Root CA certificate and deploy it to the device: 

  1. Download the scanning certificate from the customer tenant. 
  2. In Microsoft Intune, go to Device > Android > Configuration. 
  3. Under Policies, click Create and select New Policy.

    The Create a profile panel opens.
  4. On the Create a profile panel, configure the following:
    • Platform. Select Android Enterprise as the platform for the profile. 
    • Profile type. Select Templates as the profile type, and select Trusted certificate as the Template name.
    • Click Create.

      The Trusted certificate window opens.
  5. Under the Basics tab, enter a Name and Description, and click Next.

  6. Under the Configuration settings tab, rename the file extension from .pem to .cer, and then select the scanning certificate downloaded from the customer tenant.

  7. Under the Assignments tab, add the required device or user group in the Included groups setting and click Next.

  8. Under the Review + create tab, review the PKCS certificate summary and click Create.

    A Root CA certificate is created and automatically pushed to the assigned device.
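
A pre-upload check for the rename step above, as an added example that is not part of the original Skyhigh documentation: it confirms the downloaded .pem holds exactly one certificate and no private key, writes the same content with a .cer extension, and returns the SHA-256 fingerprint so it can be recorded before the certificate is trusted on devices. The function names, the file name scanning-cert.pem, and the sample certificate body are constructed for illustration; only the Python standard library is used, so the certificate fields themselves are not parsed.

```python
import base64
import hashlib
import re
from pathlib import Path

# Matches any PEM block and captures its label and Base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def inspect_pem(pem_text):
    """Return (der_bytes, sha256_fingerprint) for a PEM holding exactly one certificate."""
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not upload it")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    if not der or der[0] != 0x30:  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("payload is not DER-encoded")
    digest = hashlib.sha256(der).hexdigest().upper()
    return der, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def prepare_cer(pem_path):
    """Check the .pem, then write the same content next to it with a .cer extension."""
    pem_path = Path(pem_path)
    text = pem_path.read_text(encoding="ascii")
    _, fingerprint = inspect_pem(text)
    cer_path = pem_path.with_suffix(".cer")
    cer_path.write_text(text, encoding="ascii")
    return cer_path, fingerprint

def make_sample_pem():
    """Constructed placeholder: a DER-shaped blob, not a real certificate."""
    fake_der = bytes([0x30, 0x10]) + b"constructed-test"
    body = base64.b64encode(fake_der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "scanning-cert.pem"  # hypothetical file name
        sample.write_text(make_sample_pem(), encoding="ascii")
        path, fp = prepare_cer(sample)
        print(path.name, fp)
```
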

Once the certificates are installed or pushed to the device, install the Skyhigh Client app from the Google Play Store. For more information, see Skyhigh Client App for Android Devices. 

NOTE: To configure Disconnect VPN, Factory Reset, and Minimal OPG access for Android devices using MDM, see Disconnect VPN, Factory Reset, and Minimal OPG access.
