IDEE
← Entra ID Guides Function Guides for Admins

Essential Certificates for CBE Setup

Ensure these two certificates are properly configured before deployment.

CA Root Certificate

Purpose: Validates all user/machine certificates issued by your internal PKI.
Requirements:
βœ” Issued by your Microsoft ADCS or internal CA
βœ” Must be trusted by all devices (deployed via GPO or MDM)

Public TLS Certificate

Purpose: Secures communication (HTTPS, LDAPS) for your domain.
Requirements:
βœ” Issued by a public CA (e.g., DigiCert, Sectigo, Entrust)
βœ” SANs Included: Cover all relevant domains (e.g., authn.yourdomain.com)
βœ” Key Usage: Must include Server Authentication