By Jack Poehlman | Service Engineer on the Enterprise Mobility and Customer Experience Team
We’ve heard from a few customers recently about this experience setting up Wi-Fi profiles. The cases were very similar; the customer was attempting to setup certificate-based Wi-Fi profiles on Android Enterprise work profile devices and reported that the Wi-Fi profile is constantly reporting “Error”. Looking into these reports, we found that the customer was deploying a device-based certificate instead of a user-based certificate. Furthermore, the device-based certificate was configured with only a subject name such as CN={{AAD_Device_ID}} however no “Subject alternative name” was defined.
Reviewing this scenario, we discovered the cause for the Wi-Fi profile error in the processing. Currently, a UPN attribute is a requirement for Wi-Fi profile certificate selection. While we look into this further and investigate full resolution, we have tested and confirmed with these customers that there’s a reasonably simple workaround. If you run into this, error, where the Wi-Fi profile on Android Enterprise work profile errors out constantly, simply add a SAN with a UPN attribute to your Device base certificate SCEP profile like this:
We will update this blog posted as we investigate this issue further and hope this helps with some advanced troubleshooting.
