We're sharing a tip that came out of a recent case with a customer where we were investigating a problem with their PKCS certificates. While we didn't get any additional customer calls on this topic, we thought it would be good to post what we shared with the customer in case you were troubleshooting your own custom subject name PKCS certificate issue.
Problem detected and corrected
We’ve detected and fixed a problem with the Subject name format field of PKCS certificates. When an iOS PKCS certificate policy was created with the custom subject name option configured, the certificate requests were not issued since the delivery service was looking for a specific set of subject name formats and couldn’t handle the custom name format. We received notice of this problem, and removed the ability to create custom name PKCS certificates. All PKCS certificate profiles that were created using the custom subject name option have had the subject name set to “Not configured”.
How does this affect me?
We have removed the capability to create custom subject names in your iOS PKCS certificate policy. All PKCS certificate profiles that were created using the custom subject name option over the past two weeks have had the subject name set to “Not configured” and will need to be updated. Any custom subject name delivered since March 27, 2018 may also be delivered with “Common Name” as we took an immediate change to the service to fix this bug.
What action do I need to take?
To select the appropriate subject name for your PKCS certificate, login to the Azure portal with your Intune credentials. Head to Intune, Device configuration, Profiles, Settings, and edit your profile type for PKCS certificates. Look for those PKCS certificates that read “Not Configured” and change the Subject name format to Common name or Common name as email. Select OK, then Save to save your profile changes.
Additional information: https://docs.microsoft.com/intune/certficates-pfx-configure