Android
Last updated
Was this helpful?
Last updated
Was this helpful?
The following article describes how to deploy a device or a user certificate for Android. Android certificate deployment is similar to Windows 10, macOS, and iOS certificate deployments.
The basis for deploying SCEP certificates (device or user) is to trust the root certificate of SCEPman. Therefore, you have to download the CA Root certificate and deploy it as a Trusted certificate profile via Microsoft Intune:
To ensure the correct deployment of certificates on your Android device, there are two options:
In newer Android versions (e.g. 14), you can verify certificates (user and trusted certs.) from the settings > security and privacy
{{DeviceId}}: This ID is generated and used by Intune (Recommended). (Requires SCEPman 2.0 or higher and to be set to Intune or AADAndIntune
You can add other RDNs if needed (e.g.: CN={{DeviceId}}, O=Contoso, CN={{WiFiMacAddress}}
). Supported variables are listed in the .
The URI field is for NAC solutions to identify the devices based on their Intune Device ID.
SCEPman caps the certificate validity to the configured maximum in setting , but otherwise uses the validity configured in the request.
If you are using an , you must still select the Trusted certificate profile for Root CA, not the Intermediate CA!
Please follow the instructions of and take care of the following differences:
You can define RDNs based on your needs. Supported variables are listed in the . We recommend to include the username (e.g.: janedoe) and email address (e.g.: janedoe@contoso.com) as baseline setting.
Via 3rd party apps like