Support Tip: AE Work Profile Device + Wi-Fi Profile “Error” when Using Device-Based Certs

Published May 30 2019 05:38 PM 4,639 Views

By Jack Poehlman | Service Engineer on the Enterprise Mobility and Customer Experience Team

 

We’ve heard from a few customers recently about this experience setting up Wi-Fi profiles. The cases were very similar; the customer was attempting to setup certificate-based Wi-Fi profiles on Android Enterprise work profile devices and reported that the Wi-Fi profile is constantly reporting “Error”.  Looking into these reports, we found that the customer was deploying a device-based certificate instead of a user-based certificate. Furthermore, the device-based certificate was configured with only a subject name such as CN={{AAD_Device_ID}} however no “Subject alternative name” was defined.

 

Reviewing this scenario, we discovered the cause for the Wi-Fi profile error in the processing. Currently, a UPN attribute is a requirement for Wi-Fi profile certificate selection. While we look into this further and investigate full resolution, we have tested and confirmed with these customers that there’s a reasonably simple workaround. If you run into this, error, where the Wi-Fi profile on Android Enterprise work profile errors out constantly, simply add a SAN with a UPN attribute to your Device base certificate SCEP profile like this:

 

AEWorkProfileDevices.png

 

We will update this blog posted as we investigate this issue further and hope this helps with some advanced troubleshooting.

3 Comments
Version history
Last update:
‎May 30 2019 05:38 PM
Updated by:
www.000webhost.com