# Server Trust

{% hint style="info" %}
This is only required if you are using a RADIUS server certificate that was issued by a CA that your clients do not already trust. For example, this is not needed if you are bringing your own server certificate issued by SCEPman.
{% endhint %}

### Part 1: Download the RADIUS Server Certificate

When [downloading](https://docs.radiusaas.com/admin-portal/settings/settings-server#download) the Server certificate, use only the green-marked certificate. This will download the root CA certificate of the issuing CA.

<figure><img src="https://1222554226-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSWU1DQ4UGkqER7uGNUOm%2Fuploads%2F6PAKr5RsefmaAKR44h8i%2Fimage.png?alt=media&#x26;token=a7738e9d-f974-4162-a99a-e7c2b68b4b40" alt=""><figcaption></figcaption></figure>

### Part 2: Adding a Trusted certificate profile for your endpoint devices&#x20;

{% hint style="warning" %}
Ensure, you have reviewed [Part 1](#edit-your-downloaded-certificate).
{% endhint %}

1. Log in to [Microsoft Intune](https://intune.microsoft.com/)
2. Navigate to **Devices** and subsequently **Configuration profiles**
3. Then click **Create > New policy**
4. Select the correct **Platform** for your device
5. Search the **Profile type** templates for **Trusted certificate** and select it
6. Click **Create** and provide a descriptive name and optional **Description**
7. In the second step, upload the \*.cer file containing the RADIUS server certificate/trusted root the server certificate was signed with.

![](https://content.gitbook.com/content/SWU1DQ4UGkqER7uGNUOm/blobs/brqevWf8XzBgPh5fhlAj/image.png)