Youtube Channel
Updated on March 23, 2022

Closed Network

Using Self-Signed Certificate (Instead of Public CA)

The certificate provisioning DPC extra feature allows Android Entreprise Intelligent Hub to install a certificate before enrollment. 

If this DPC extra is included in the QR code, then Hub will automatically proceed as Device Owner (fully managed) mode, install the certificate, and then enroll.

Note if the console is configured for COPE mode, then enrollment will fail on Android 11+.

Follow these steps to obtain the encoded certificate data:

  1. Upload the certificate to an Android Credentials profile
  2. Save the profile.  Do not assign it to any devices
  3. Select the Profile and view the Profile XML.  The ‘CertificateData’ in the profile XML is what is used in the JSON below.

Add the following key to the Admin Extras Bundle in the QR Code provisioning JSON: “workManagedCertData”:”encoded certificate data”

{

   "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"6kyqxDOjgS30jvQuzh4uvHPk-0bmAD-1QU7vtW7i_o8=",
   "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"",
   "android.app.extra.PROVISIONING_SKIP_ENCRYPTION":false,
   "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":

{       "serverurl":"",       "gid":"",       "un":"",       "pw":"",      "workManagedCertData":"encoded certificate data"    }

}

Requirements:

Intelligent Hub 22.01