Configuring a single file identity certificate enrollment setting

Use a single file identity certificate enrollment setting to upload an identity certificate to Ivanti EPMM for distribution to devices. A typical use case for a single file identity certificate is using the certificate to authenticate devices to a network server, such as:

  • Standalone Sentry
    When device authentication on Standalone Sentry is configured as Group Certificate, you typically distribute the same identity certificate to multiple devices.
  • A Wi-Fi network component
    When you configure a Wi-Fi setting to use TLS or TTLS for its EAP type, you can distribute the same identity certificate to multiple devices.
  • A VPN network component
    When you configure a VPN setting, depending on the type of VPN setting, you can use certificate-based authentication. For the authentication, you can distribute the same identity certificate to multiple devices.

You can upload either:

  • An identity certificate.
    The certificate is a PKCS 12 file (.p12 or .pfx) that contains exactly one private key. The file can optionally include the certificate chain. The certificate chain can include only intermediate certificates, or intermediate certificates through the root certificate. The root certificate is not necessary if it is from a well-known certificate authority.
    You also provide the password for the identity certificate’s private key.
  • Multiple files, which include among them:
    • The private key and its password.
    • The public certificate.
    • The supporting certificates in the certificate chain. The root certificate is not necessary if it is from a well-known certificate authority.
  • Examples of combinations you can upload are:
    • A .p12 or .pfx file containing an identity certificate and its private key and password, plus additional .pem files containing the intermediate certificates.
    • A .pem file containing the private key and password, a .pem file containing the public certificate, plus additional .pem files containing the intermediate certificates.
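
A pre-upload check for the all-.pem combination above, written as an added Python example (not Ivanti code). The function names are hypothetical, the sample PEM data is constructed placeholder content, and applying the one-private-key expectation to the whole file set is an assumption. It inspects PEM labels and certificate encoding only; it does not open .p12 or .pfx files or confirm that the key matches the certificate.

```python
import base64
import re
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def sample_pem(label: str, payload: bytes = b"\x30\x03\x02\x01\x01") -> bytes:
    """Constructed placeholder PEM (not a real key or certificate)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n".encode()

def classify(data: bytes) -> list:
    """Return the kinds of objects in one file: key, cert, bad-cert, der, other."""
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="ignore"))
    if not blocks:
        # Binary DER starts with the ASN.1 SEQUENCE tag 0x30; contents not inspected.
        return ["der"] if data[:1] == b"\x30" else ["other"]
    kinds = []
    for label, body in blocks:
        if label.endswith("PRIVATE KEY"):
            kinds.append("key")
        elif label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:  # invalid characters or truncated base64
                der = b""
            kinds.append("cert" if der[:1] == b"\x30" else "bad-cert")
        else:
            kinds.append("other")
    return kinds

def check_upload_set(files: list) -> list:
    """Check [(name, bytes), ...] in upload order; return a list of problems."""
    problems = []
    found = [(name, classify(data)) for name, data in files]
    key_files = [name for name, kinds in found for k in kinds if k == "key"]
    if len(key_files) != 1:
        problems.append(f"expected exactly one private key, found {len(key_files)}")
    elif key_files[0] != files[0][0]:
        # The procedure expects the private key file in the Certificate 1 slot.
        problems.append(f"private key is in {key_files[0]}, not in Certificate 1")
    if not any(k in ("cert", "der") for _, kinds in found for k in kinds):
        problems.append("no public certificate in the set")
    problems += [f"{n}: unrecognized or damaged block ({k})"
                 for n, kinds in found for k in kinds if k in ("bad-cert", "other")]
    return problems

if __name__ == "__main__":
    print(check_upload_set([(p, open(p, "rb").read()) for p in sys.argv[1:]]) or "ok")
```

Pass the file paths in the order you intend to upload them, with the private key file first; an empty result means the set is consistent with the rules checked here.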

Procedure 

  1. Log in to the Admin Portal.
  2. Go to Policies & Configs > Configurations.
  3. Click Add New > Certificate Enrollment > Single File Identity.
  4. Fill in the entries:
    • Name: Enter brief text that identifies this certificate enrollment setting.
    • Description: Enter additional text that clarifies the purpose of this certificate enrollment setting.
    • Certificate 1: If you are uploading only one file, click Browse to select the .p12 or .pfx file of the identity certificate. If you are uploading multiple files, select the file (.p12, .pfx, or .pem) that contains the private key.
    • Password 1: Enter the password for the certificate’s private key.
  5. If you are uploading multiple files, click Add Certificate to add another file.
  6. Fill in the entries:
    • Certificate 2: Click Browse to select the .pem file to upload to Ivanti EPMM. The certificate must be formatted as binary DER or ASCII PEM.
    • Password 2: The Password field is applicable only for the file that contains the private key.
  7. Optionally, click Add Certificate to add another file.
  8. Click Save.

After you save the single file identity certificate enrollment setting, you can view or change the certificate by editing the setting.