inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

PF PKI Allow multiple certs to be created with the same CN #8182

Closed. robbel1 closed this 1 week ago

robbel1 commented 3 months ago

When deploying certificates via SCEP we get the following message when the common name isn't unique: "failed to sign CSR" err="Certificate with this Subject already exist:"

We would like to be able to issue multiple certs to client devices via Intune SCEP for Windows and macOS, and via Google Workspace for Chromebooks. The CN is set to the UPN or user email, but if a user signs into a second device no certificate is issued. As a workaround we have set the CN to the UPN or email + device serial number, but this is still an issue: if the device gets wiped or the Chromebook user profile is removed, no new user or device certs are issued until the old ones are revoked.

fdurand commented 3 months ago

This has to be reworked in the code/db since cn is the unique key.

JBishopYelm commented 1 month ago

I'd like to bump this request - we are struggling to figure out ways to make sure our certs are unique for each of our platforms. We're having to manually revoke certificates if our devices get re-imaged, and I can't even seem to get our Intune certs to renew.

Would it be possible to be able to issue certificates with a non-unique CN?

robbel1 commented 1 month ago

We have somewhat of a workaround: setting CN={{UserPrincipalName}}{{Device_Serial}} and setting SCEP "days before renewal" to 0. This keeps the certs unique to the device, and when the device requests a new one it revokes/supersedes the old one.
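The two behaviours this thread contrasts, as an added illustration that is not PacketFence or pfpki code: a minimal Go CA that, as fdurand describes, keys issued certificates on the subject CN. With `supersede` off it returns the "Certificate with this Subject already exist" error from the first comment when a second CSR arrives for a CN that already has an unrevoked certificate; with it on, the second CSR (a re-imaged device that holds a new key and the same CN) revokes the earlier certificate and is issued a new one, which is the revoke/supersede behaviour the workaround above relies on. The `CA`, `NewCSR`, `Sign` and `IsRevoked` names, the toy root, and the sample CN `alice@example.com-SN123` are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)
var ErrSubjectExists = errors.New("Certificate with this Subject already exist") // text quoted in the issue

// CA is a toy issuer written for this example (not pfpki's code); its uniqueness key is the CN, as fdurand describes.
type CA struct {
	key       *ecdsa.PrivateKey
	cert      *x509.Certificate
	supersede bool                         // false: reject a duplicate CN; true: revoke the old cert and reissue
	active    map[string]*x509.Certificate // CN -> current unrevoked cert
	revoked   map[string]bool              // serial -> revoked, what a CRL/OCSP responder would publish
	serial    int64
}

// NewCA builds a self-signed root template that is used directly as the issuing parent.
func NewCA(supersede bool) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	root := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy NAC CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return &CA{key: key, cert: root, supersede: supersede, serial: 1,
		active: map[string]*x509.Certificate{}, revoked: map[string]bool{}}, nil
}

// NewCSR models one enrolment with a fresh key pair, so a wiped device cannot renew under its old cert.
func NewCSR(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
}

// Sign issues a client-auth certificate for the CSR, applying the duplicate-CN rule.
func (ca *CA) Sign(csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the CSR key
		return nil, err
	}
	cn := csr.Subject.CommonName
	if prev, ok := ca.active[cn]; ok {
		if !ca.supersede {
			return nil, fmt.Errorf("failed to sign CSR: %w", ErrSubjectExists)
		}
		ca.revoked[prev.SerialNumber.String()] = true // the earlier device's cert stops validating
	}
	ca.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.serial), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.cert, csr.PublicKey, ca.key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	ca.active[cn] = cert
	return cert, nil
}

// IsRevoked answers for a serial the way a CRL or OCSP responder fed by this CA would.
func (ca *CA) IsRevoked(serial *big.Int) bool {
	return ca.revoked[serial.String()]
}
func main() {
	first, _ := NewCSR("alice@example.com-SN123")    // CN={{UserPrincipalName}}{{Device_Serial}}
	reimaged, _ := NewCSR("alice@example.com-SN123") // same device after a wipe: same CN, new key
	for _, supersede := range []bool{false, true} {
		ca, _ := NewCA(supersede)
		old, _ := ca.Sign(first)
		_, err := ca.Sign(reimaged)
		fmt.Printf("supersede=%v: second enrolment err=%v, first cert revoked=%v\n", supersede, err, ca.IsRevoked(old.SerialNumber))
	}
}
```

The supersede path is only as safe as the enrolment authentication in front of it. The toy CA checks only that the CSR is signed by the key it carries, so whoever can get a CSR for a known CN accepted displaces the existing certificate for that CN; in a SCEP deployment that check is the challenge password or the MDM-to-CA trust, and it needs to hold before the uniqueness rule is relaxed.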