Digital certificates serve as electronic credentials that authenticate Android devices and enable encrypted communication. They play a crucial role in ensuring data security and privacy, simplifying the tasks of IT teams by verifying device identities, and maintaining security across various networks.
Digital certificates are important in Android device management for secure authentication, encryption, and maintaining code integrity. They facilitate device enrollment, management, and secure communication protocols, increasing overall security and compliance within the Android ecosystem.
This blog will provide a step-by-step guide on managing Android digital certificates via Scalefusion, focusing on the steps and best practices for effective certificate management.
Types of Certificates Scalefusion Supports
- Identity Certificates: These certificates, typically in formats like .p12 or .pfx, enable apps and browsers to authenticate users for Cert Based Authentication (CBA).
- CA Certificates: Certificates in formats such as .cer, .pem, and .der that validate the trustworthiness of the presented certificate.
- Chained Certificates: Certificates that include a chain leading to a Leaf Node. They can encompass both identity and CA certificates, forming a hierarchical chain of issuing certificates along with the leaf certificate in their payload/body.
NOTE: Scalefusion supports the following certificate types: PKCS12 (.p12) and PKCS1 (.cer, .pem).
Android Certificate Configuration from the Scalefusion Dashboard
1. Upload Certificates
- Go to Device Profiles and Policies
- Access the Scalefusion dashboard.
- Click the Device Profiles and Policies tab.
- Navigate to Certificate Management
- Within the Device Profiles and Policies section, find and select Certificate Management.
- Click Upload Certificate
- In the Certificate Management section, click Upload Certificate.
- Enter Certificate Details
- In the Upload a Certificate window that appears, enter a name for the certificate.
- Upload the certificate file by selecting it from your device.
- Save the Certificate
- After entering all the necessary details, click Save to upload the certificate to the dashboard.
The uploaded certificate and its details will be displayed on the Certificate Management screen.
2. Apply Certificates
- Navigate to the Certificate
- Go to Certificate Management, where your certificates are listed.
- Select Publish Option
- Click Publish under the Actions column next to the certificate you want to publish.
- Choose Device Profiles/Devices
- A new window will open, displaying a list of device profiles and devices configured on the Dashboard.
- Select the device profiles/devices where you want to apply the certificate.
- Publish the Certificate:
- Click PUBLISH to associate the certificate with the selected device profiles/devices.
The certificate will now be applied to the chosen device profiles/devices.
3. Installation of Certificates on Devices (OS9 and below)
For EMM Managed BYOD or Corporate Owned Devices (below OS 9)
- Ensure PIN/Password Setup
- If the device does not have a PIN or password set, certificates published from the dashboard will be visible in Certificate Manager but not installed.
- Set up a PIN or password on the device first.
For Devices with Legacy Management Mode
- Manual Installation
- Navigate to Certificate Manager on the device.
- Tap the Install button next to the desired certificate.
- Tap OK (rename the certificate if necessary).
- The certificate will be installed on the device.
For AMAPI-based Android Devices
- Install certificates through the Companion App associated with AMAPI-based Android devices.
4. Unpublish Certificates
- Navigate to Certificate Management
- Go to the Certificate Management section where your certificates are listed.
- Select Unpublish Option
- Click Unpublish under the Actions column next to the certificate you want to remove from device profiles/devices.
- Choose Device Profiles/Devices to Unpublish From
- A window will open, displaying a list of all device profiles and devices where the certificate is currently published.
- Select the profiles and devices from which you want to remove the certificate.
- Confirm Unpublish
- Click UNPUBLISH to proceed. The certificate will be uninstalled from the selected device(s) or device profiles.
This action effectively removes the certificate from the chosen device profiles/devices on the Scalefusion Dashboard.
5. Delete Certificates
Confirmation Dialog for Pushed Certificates
- Navigate to Certificate Management
- Access the Certificate Management section on the Scalefusion Dashboard.
- Initiate Deletion
- Click Delete under the Actions column next to the certificate you wish to remove.
- Confirmation Dialog (Pushed Certificates)
- If the certificate is currently pushed to any device profiles or used in WiFi configurations, a confirmation dialog will appear:
- “This Certificate is currently installed on the XX Device Profiles and used in XX Wifi Configurations. Are you sure you want to delete?”
- Confirm your decision to delete the certificate.
Simple Confirmation Dialog (Non-Pushed Certificates)
- A simpler confirmation dialog will appear if the certificate is not pushed to any device profiles or used in WiFi configurations.
Mastering Android digital certificate management with Scalefusion UEM ensures secure authentication, encrypted communication, and compliance. By following these steps, IT teams can effectively manage and safeguard device identities, improving overall security and efficiency in the Android ecosystem.
Contact our support team and schedule a demo. Try our 14-day free trial today!
