Certificates settings
Use a certificate setting to upload a trusted public key root certificate or certificate chain. If it is a certificate chain, it can include the root certificate or only intermediate certificates.
IMPORTANT: You cannot upload an identity certificate -- a certificate that contains a private key -- into a certificate setting. To upload an identity certificate to Ivanti EPMM, use the certificate enrollment setting called single file identity.
You configure Ivanti EPMM to deliver the uploaded certificate or certificate chain to devices so that the devices can trust, for example, specific web services, email servers, or network components like VPN and Wi-Fi.
Two ways are available to deliver the certificate to a device:
- You reference the certificate setting from another Ivanti EPMM setting, and apply the appropriate labels to the referencing setting. Only the following settings can reference a certificate setting:
- An AppConnect app configuration, Ivanti Web@Work setting, or Ivanti Docs@Work setting can reference a certificate setting as the value of a key-value pair.
- A Wi-Fi setting can reference a certificate setting in its Apply to Certificates field (used with specific authentication and data encryption values on the Wi-Fi setting).
- You want to deliver a trusted public key certificate directly to a set of devices, without referencing the certificate setting from another setting. In this case, label the certificate setting. This case is less common.
Adding a certificate setting
Procedure
- Log in to the Admin Portal.
- Go to Policies & Configs > Configurations
- Click Add New > Certificates.
-
Fill in the entries:
- Name: Enter brief text that identifies certificate setting.
- Description: Enter additional text that clarifies the purpose of this certificate setting.
- File Name: Click Browse to select the X.509 certificate file (.cer, .crt, .pem, or .der) to upload to Ivanti EPMM. The certificate must be encoded as binary DER or ASCII PEM.
- Click Save.
Label the certificate setting if you want to deliver the certificate directly to a set of devices, regardless whether it is referenced from another setting. If you are referencing the certificate setting from another setting, label the other setting.