# Root CA
After you have deployed your SCEPman environment you have to create a root certificate.
If you want to use an intermediate certificate (Enterprise Edition only) you can have a look at this guide:
{% content-ref url="intermediate-certificate" %}
[intermediate-certificate](https://docs.scepman.com/scepman-deployment/intermediate-certificate)
{% endcontent-ref %}
**For a standard SCEPman setup, we recommend generating a new root certificate with the following steps:**
## Create SCEPman Root certificate
1. Navigate to **App Services**.
2. Choose the SCEPman application and click on **Browse** to see the SCEPman website.
3. When everything works as intended **Intune**, **Read AAD, Read Intune,** and **Storage Account** are set in green as **connected**.
4\. The option **click here to start** creating the Azure Key Vault RootCA certificate. The initial root certificate should be created only once on a farm.\
5\. Select **I have read the documentation\[...]** and click **Create First Node**.\
6\. After some seconds/minutes you can refresh the page. Now you should see that the root certificate is available.
Now you are ready to start! Check [Certificate Deployment via Microsoft Intune](https://docs.scepman.com/certificate-management/microsoft-intune)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.scepman.com/scepman-deployment/first-run-root-cert.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
