Note
The information in this topic applies only to System Center 2012 R2 Configuration Manager.

Certificate profiles in System Center 2012 Configuration Manager integrate with Active Directory Certificate Services and the Network Device Enrollment Service role to provision managed devices with authentication certificates so that users can access company resources by using certificates. The information in this topic can help you create certificate profiles in Configuration Manager.

Important
You must perform configuration before you can create certificate profiles. For more information, see Configuring Certificate Profiles in Configuration Manager.

Steps to Create a Certificate Profile

Use the following required steps to create a certificate profile by using the Create Certificate Profile Wizard.

Step Details More information

Step 1: Start the Create Certificate Profile Wizard

Start the wizard from the Assets and Compliance workspace, in the Compliance Settings node.

See the Step 1: Start the Create Certificate Profile Wizard section in this topic.

Step 2: Provide general information about the certificate profile

Provide general information, such as the name and description of the certificate profile, and the type of certificate profile that you want to create.

See the Step 2: Provide General Information About the Certificate Profile section in this topic.

Step 3: Provide information about the certificate profile

Provide configuration information for the certificate profile.

See the Step 3: Provide Information About the Certificate Profile section in this topic.

Step 4: Configure supported platforms for the certificate profile

Specify the operating systems where you will install the certificate profile.

See the Step 4: Configure Supported Platforms for the Certificate Profile section in this topic.

Step 5: Complete the wizard

Complete the wizard to create the new certificate profile.

See the Step 5: Complete the Wizard section in this topic.

Caution
If you have already deployed a certificate by using a Simple Certificate Enrollment Protocol (SCEP) certificate profile, changing some configuration options will result in requesting a new certificate that has the new values. If the number of certificate request renewals is high because of these changes, those renewals can cause high CPU processing on the server that is running the Network Device Enrollment Service.When the certificate request is for a client on the intranet (for example, Windows 8.1), the original certificate is deleted when a new certificate that has the new values is requested. However, when the certificate request is for a client that is managed by using the Windows Intune connector, the original certificate is not deleted from the device and remains installed.The following sections note the settings that will result in a certificate renewal request.

Supplemental Procedures to Create a New Certificate Profile

Use the following information when the steps in the preceding table require supplemental procedures.

Step 1: Start the Create Certificate Profile Wizard

Step 2: Provide General Information About the Certificate Profile

Step 3: Provide Information About the Certificate Profile

Step 4: Configure Supported Platforms for the Certificate Profile

Step 5: Complete the Wizard

See Also