Android PKCS

%3CLINGO-SUB%20id%3D%22lingo-sub-152130%22%20slang%3D%22en-US%22%3EAndroid%20PKCS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-152130%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%3C%2FP%3E%0A%3CP%3EWe%20have%20a%20problem%20with%20PKCS%20deployment%20to%20Android%20devices%20from%20Intune%20Standalone.%20%3CBR%20%2F%3EIt%20looks%20like%20Intune%20only%20pushes%20the%20ROOT%20certificate%20to%20the%20device.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20pkcs%20policy%20is%20marked%20green%20and%20the%20certificate%20is%20generated%20on%20the%20CA%20server%20and%20the%20logs%2Ffiles%20on%20the%20NDESConnector%20server%20is%20saying%20that%20upload%20and%20everything%20worked%20ok.%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ei%20tried%20an%20older%20android%20os%20in%20the%20NOX%20emulator%2C%20on%20this%20device%20i%20get%20notices%20that%20i%20have%20security%20credentials%20to%20import.%20one%20for%20the%20ROOT%20and%20one%20for%20the%20USER%20certs.%3C%2FP%3E%0A%3CP%3EIs%20it%20even%20possibleto%20deploy%20a%20pkcs%20cert%20to%20android%20devices%3F%3CBR%20%2F%3EHow%20did%20you%20configure%20the%20policys%20in%20order%20to%20get%20it%20to%20work%3F%3C%2FP%3E%0A%3CP%3Ei%20have%20tried%20to%20change%20almost%20everything%20in%20the%20policy%20but%20cant%20get%20it%20to%20work.%20And%20all%20internet%20guides%20aint%20giving%20me%20any%20good%20suggestions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-152130%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAndroid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ecertificate%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Epfx%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Epkcs%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-166195%22%20slang%3D%22en-US%22%3ERe%3A%20Android%20PKCS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-166195%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Tobias.%3C%2FP%3E%0A%3CP%3EMake%20sure%20that%20EKUs%20from%20the%20PFX%20profile%20match%20with%20the%20ones%20from%20the%20Certificate%20Template%20on%20the%20CA.%3CBR%20%2F%3EMorten%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-165725%22%20slang%3D%22en-US%22%3ERe%3A%20Android%20PKCS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-165725%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Tobias.%3C%2FP%3E%0A%3CP%3EI%20have%20exactly%20the%20same%20issue.%20I%20have%20created%20a%20support%20request%20to%20Microsoft%20today.%3C%2FP%3E%0A%3CP%3EIt%20works%20fine%20on%20iOS.%3C%2FP%3E%0A%3CP%3ERegards%3C%2FP%3E%0A%3CP%3EMorten%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hello.

We have a problem with PKCS deployment to Android devices from Intune Standalone.
It looks like Intune only pushes the ROOT certificate to the device. 

The pkcs policy is marked green and the certificate is generated on the CA server and the logs/files on the NDESConnector server is saying that upload and everything worked ok. 

i tried an older android os in the NOX emulator, on this device i get notices that i have security credentials to import. one for the ROOT and one for the USER certs.

Is it even possibleto deploy a pkcs cert to android devices?
How did you configure the policys in order to get it to work?

i have tried to change almost everything in the policy but cant get it to work. And all internet guides aint giving me any good suggestions.

2 Replies
Highlighted

Hi Tobias.

I have exactly the same issue. I have created a support request to Microsoft today.

It works fine on iOS.

Regards

Morten

Highlighted

Hi Tobias.

Make sure that EKUs from the PFX profile match with the ones from the Certificate Template on the CA.
Morten