Skip to main content
Cisco Meraki Documentation

Certificates Payload (Pushing Certificates)

  1. Last updated
  2. Save as PDF

The Systems Manager credential payload can be used to push X.509 (.cer, .p12, .crt) certificates to devices. As more and more sensitive corporate data exists in our devices, the need for digital certificates becomes more apparent. Certificates provide an extra layer of protection that passwords cannot contend with; including such benefits as user identification, authentication and integrity checks of the device. These certificates can either be generated by a 3rd party certificate authority or by a locally hosted certificate authority. 
 
An example use case for this feature is to push a verified certificate to an iOS device to wirelessly authenticate via 802.1X. These will automatically populate under the "Trust" feature in a WPA2-Enterprise WiFi profile under the 'WiFi' tab.

Note: Credential certificates are not the same as owner identity certificates, which are generally used for ActiveSync cert-based auth.

Certificate Payload Configuration

  1. Navigate to Systems Manager > Manage > Settings.
  2. Use an existing profile, or create a new Meraki managed profile.
  3. Select + Add Settings > Certificate.
  4. Specify the name of the certificate.
  5. Input associated password to the certificate (required for .p12 certificate).
  6. Upload the certificate through Choose File 
  7. Once the certificate has been uploaded, save the payload.

 

The Certificate payload is currently supported on iOS, macOS, Android, and Windows

 

As shown below, you can name your certificate, input a password, and upload the certificate file. Note that for iOS and macOS the certificate will be installed on a shared keychain. Android will install the certificate on the Android Keystore system.

Note: For Android, there is no way to uninstall the private key certification unless the work profile is removed from the device.

2. Credential Setting.png

 

Once the certificate has been uploaded, information related to the certification will be displayed.

3. Cert w: Sample.png

Viewing the Certificates on Devices

iOS

Once the credentials payload has been pushed down onto your devices you can view the certificate in iOS by navigating to Settings > General > Profiles & Device Management > Meraki Management > More Details. 

  4. iPad Settings.jpeg

OSX

To view existing certificates on OSX, navigate to Keychain Access by search or Applications > Utilities > Keychain Access. After opening Keychain Access select Category > Certificates to view all existing certificates.


5. macOS Certs.png

Android

Finding certifications under Android will be slightly different for each device and version. Navigate to Settings > Security > View security certificates.

6. Android Certs.png

Windows

Certificates are installed on the user level and can be viewed from the certificates snap-in within the Microsoft Management Console (MMC). The following Microsoft documentation outlines how to view certificates with the MMC snap-in; when selecting which certificate the snap-in will manage, be sure to select "My user account".

certificate_example.JPG

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
    Stage
    Final
  2. Tags
    1. certificate
    2. certificate push
    3. credentials