Troubleshooting Certificate deployment on iOS devices with ConfigMgr & Intune
Last week I had an issue trying to enroll certificates thru ConfigMgr/Intune via NDES on iOS devices. The enrollment worked like a charm on Windows Phone 8.1 devices. The error I got in the crp.log file (Certificate Reqistration Point component) was key usage in CSR 160 and challenge 224 do not match To fix the issue you have to modify the certificate NDES General Purpose certificate template and remove Signature in proof of origin. You will find the property in Extensions After that iOS devices started appying the certificates.