I’m looking to push the root and intermediary CA certificates from our Enterprise PKI to our IOS devices to support 802.1x auth against our WIFI networks. This is done via an Intune configuration profile of type WIFI that references a profile of type Trusted Certificate. In the Trusted Certificate profile the UI asks you to upload a .cer or .crt file. The problem is that the .cer/.crt file format is binary and cannot hold the entire trust chain i.e. more than one public certificate. That said, I can create multiple Trusted Certificate profiles and assign them to the WIFI profile so that all certificates are trusted. However, if I upload a PEM (Base64) file format renamed as .crt or .cer the UI accepts it and pushes it to the device!
Is the PEM format support by Intune Trusted Certificate profiles and if so does it also support multiple certificates in the that PEM file?