Skip to main content

Configure Certificate Profile (Android Enterprise)

The Certificate Profile feature in the Profiles section enables administrators to remotely upload and configure corporate certificates and other necessary certificates for network authentication on Android Enterprise devices. This simplifies certificate management, ensuring secure connections to networks and services without the need for manual setup on individual devices. The feature enhances security and efficiency by maintaining a consistent certificate configuration across the managed device fleet. Additionally, administrators have the flexibility to remove user-installed trusted certificates from Android 6+ devices enrolled in Android Enterprise, granting them greater control over certificate management and overall security.

To create a Certificate profile and deploy it to the device(s), follow these steps:

1.  Navigate to SureMDM Web Console > Profiles > Android > Add > Primary Profile > Certificate > Configure.

2.  In the Certificate prompt, 

  • To fetch the existing SCEP certificate from the CA server, follow these steps:

      a.  Deselect Create Certificate Using SCEP.

      b.  Select Certificate Usage (VPN and Apps / Wi-Fi) from the drop-down list.        

      c.  Upload the Certificate file from the saved location.

      d.  Enter the Password and click Add.

  • To get SCEP certificate from another CA server, follow these steps: 

           a.  Select Create Certificate Using SCEP.

           b.  Select Certificate Usage (VPN and Apps / Wi-Fi) from the drop-down list.         

           c.  Select Override Account-Wide SCEP Settings.

                This will enable administrators to create and configure another certificate using SCEP.  To configure SCEP in SureMDM, see the steps under Configure SCEP.

           d.  Click Add. 

The newly created profile will be listed in the Profiles section.

3.  Enter the Profile Name and click Save.

     The newly created profile will be listed in the Profiles section.

4.  Go back to the Home tab and select the Android device(s) or group(s).

5.  Click Apply to launch the Apply Job/Profile To Device prompt .

6.  In the Apply Job/Profile To Device prompt, select the created profile and click Apply.

Remove Certificate

  1. Remove the certificate with user-installed trusted credentials.
note

All the user-installed certificates will be removed from the device upon deployment of this profile. This feature is supported only on Android 6+ devices enrolled in Android Enterprise [Fully Managed and Work Profile mode].

This feature is supported on SureMDM Agent versions >=27.23.00

  1. Remove User Certificates
note

All the user-security certificates will be removed from the device upon deployment of this profile.

This feature is supported only on fully managed [DO] devices with Android V >7 and SureMDM Agent V >=27.44.10