The Systems Manager credential payload can be used to push X.509 certificates (.cer, .p12, .crt) to devices. As more sensitive corporate data is stored on devices, the need for digital certificates becomes more apparent. Certificates provide an extra layer of protection that passwords alone cannot, including user identification, authentication, and integrity checks of the device. These certificates can be generated either by a third-party certificate authority or by a locally hosted certificate authority.
An example use case for this feature is to push a verified certificate to an iOS device so that it can authenticate wirelessly via 802.1X. Pushed certificates will automatically populate under the "Trust" feature in a WPA2-Enterprise WiFi profile under the "WiFi" tab.
Note: Credential certificates are not the same as owner identity certificates, which are generally used for ActiveSync cert-based auth.
Certificate Payload Configuration
- Navigate to Systems Manager > Manage > Settings.
- Use an existing profile, or create a new Meraki managed profile.
- Select + Add Settings > Certificate.
- Specify the name of the certificate.
- Input the password associated with the certificate (required for .p12 certificates).
- Upload the certificate through Choose File.
- Once the certificate has been uploaded, save the payload.
The Certificate payload is currently supported on iOS, macOS, Android, and Windows.
As shown below, you can name your certificate, input a password, and upload the certificate file. Note that for iOS and macOS the certificate will be installed on a shared keychain. Android will install the certificate on the Android Keystore system.
Note: For Android, there is no way to uninstall the private key certificate unless the work profile is removed from the device.
Once the certificate has been uploaded, information related to the certificate will be displayed.
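A pre-upload check for the file chosen in the steps above, as an added example that is not Meraki code: it tells a PEM or DER X.509 certificate from a PKCS#12 (.p12) container, which is the case that needs the password, and flags files that may carry a private key. The function names and sample bytes are constructed for illustration, and the check reads only the leading ASN.1 fields; it does not validate the certificate.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def classify_der(data):
    """Tell a DER X.509 certificate from a PKCS#12 container by its first fields."""
    try:
        if data[0] != 0x30:                    # both start with an ASN.1 SEQUENCE
            return "unknown"
        # Skip the length: one octet (short form) or 1 + n octets (long form).
        inner = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
        if data[inner] == 0x30:                # Certificate: first field is the tbsCertificate SEQUENCE
            return "x509-der"
        if data[inner:inner + 3] == b"\x02\x01\x03":   # PFX: first field is INTEGER version 3
            return "pkcs12"
    except IndexError:                         # empty or truncated file
        pass
    return "unknown"

def inspect_upload(data):
    """Report format, whether a password is required, and private key exposure."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:                             # binary file: DER certificate or PKCS#12
        fmt = classify_der(data)
        p12 = fmt == "pkcs12"
        return {"format": fmt, "needs_password": p12, "may_hold_private_key": p12}
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    try:
        ok = bool(certs) and all(
            classify_der(base64.b64decode(c)) == "x509-der" for c in certs)
    except ValueError:                         # corrupt base64 inside the PEM block
        ok = False
    return {"format": "x509-pem" if ok else "unknown",
            "needs_password": False,
            "may_hold_private_key": any(l.endswith(b"PRIVATE KEY") for l, _ in blocks)}

# Constructed samples: leading header bytes only, not complete certificates.
SAMPLE_DER = bytes.fromhex("3082010a3081f2")
SAMPLE_P12 = bytes.fromhex("3082090002010330")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_PEM_WITH_KEY = SAMPLE_PEM + (b"-----BEGIN PRIVATE KEY-----\nAAAA\n"
                                    b"-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_DER", "SAMPLE_P12", "SAMPLE_PEM", "SAMPLE_PEM_WITH_KEY"):
        print(name, inspect_upload(globals()[name]))
```

A file reported with `may_hold_private_key` set is worth a second look before upload, since the payload distributes it to every device in the profile's scope.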
Viewing the Certificates on Devices
Once the credentials payload has been pushed down onto your devices, you can view the certificate in iOS by navigating to Settings > General > Profiles & Device Management > Meraki Management > More Details.
To view existing certificates on OSX, navigate to Keychain Access by search or Applications > Utilities > Keychain Access. After opening Keychain Access select Category > Certificates to view all existing certificates.
The steps for finding certificates on Android differ slightly by device and version. Navigate to Settings > Security > View security certificates.
On Windows, certificates are installed at the user level and can be viewed from the certificates snap-in within the Microsoft Management Console (MMC). The following Microsoft documentation outlines how to view certificates with the MMC snap-in; when selecting which certificate store the snap-in will manage, be sure to select "My user account".