If you've uploaded your own certificate or created your own CA you will properly have some intermediates or the root certificate in the chain of certificates which will be downloaded. Intune will only use the user certificate if the whole file was uploaded. So for Windows you will have to edit the file, that the actual root certificate will be deployed to your clients. Open the downloaded file and remove the content which is marked in blue(in this sample). Otherwise you will properly see this error on Windows.
Log in to your Azure portal
Navigate to Microsoft Intune and click Device configuration
Then click Create Profile
Select the correct Platform for your device
As Profile type select Trusted certificate
Upload the Server certificate from your portal