We are using Intune to deliver a couple of certs to the mobile devices. We did both Root and Intermediate certs using Device Configuration Profile with Trusted Cert option, which worked on both iOS and Android.
Then it comes to an application cert, with .cer extension. It is a certificate that required by an app on the mobiles (which is also published by Intune) that uses to authenticate with its cloud service. We need to get this certificate on to the mobile phones.
The certificate name started with a wildcard *.xxx.mycompanydomain, with multiple URLs inside the cert. At first, we didn't know which options should be used, whether it is Trusted Cert, PKCS, Imported PKCS, SCEP, etc. So we started to deploy this app cert using Trusted Certificate option. The certificate installed on the iOS but it didn't install on the Android. And we tried both Android Enterprise with Work Profile and the fully managed Android, neither worked.
Then we looked at the other cert option, such as PKCS and SCEP. They require complex infrastructure set up and doesn't look like it's the right option to go, given we only deploying this static app cert, which is same for every single device. It feels like the same deal as the root cert, just need to be present on the mobiles.
Does anyone have similar experience? Is there anything we are doing wrong deploying the cert to the Android device? Does the name of the cert that started with a Wildcard matters?
trusted certificate should be fine in your case, that's the correct way of distributing such a certificate. In the case of Android did you check with My Certificates from Google Play Store? I often had the case that the certificate was simply not shown and the app mentioned above revealed it as deployed and available.