Credentials Certificate Payload

Use credentials certificate payloads with Wi-Fi payloads to verify the server identity when connecting to enterprise networks with Android and Android Enterprise devices. Credentials certificate payloads are used with Wi-Fi payloads for networks with 802.1x EAP security.

Once you have created a credentials certificate payload, use a Wi-Fi payload to configure devices to use the certificate. The Wi-Fi payload will reference the certificate payload for the certificate information. For more information, see Wi-Fi Payload.

A credentials certificate payload has the following options:

Payload Name	The name of the payload.
Certificate	Click the Browse button to select a certificate.
Password	Enter the password for the certificate. A password is only required for .pfx or .p12.
Certificate data	Click View Certificate to see information about the certificate, including its expiration date and the full certificate chain.

To use a credentials certificate payload with a Wi-Fi payload

1.Create an Android or Android Enterprise credentials certificate payload.

2.Upload your certificate and enter the password if necessary.

3.Save your credentials certificate payload.

4.Create a Wi-Fi payload. For more information, see Wi-Fi Payload.

5.Enter your network information.

6.For Security Type, select 802.1x EAP.

7.On the Protocols tab, select the Accepted EAP type and Phase 2 authentication for your network.

8.On the Authentication tab, select your desired credentials certificate payloads from the Server Certificate and User Certificate (TLS only) drop-down menus.

9.Enter any other necessary authentication information.

10.Save your Wi-Fi payload.

11.Deploy your Wi-Fi payload to your devices. For more information, see Smart Device Payloads.

The credentials certificate payload does not need to be deployed to devices. Only deploy the Wi-Fi payload.

A credentials payload sends a certificate to an iOS device that allows the device to use the company public key infrastructure system. This includes certificates for signing and encrypting email, establishing the device's identity when connecting to a company server, or verifying the server identity when connecting to Exchange, VPN, or Wi-Fi.

The certificate must be in PKCS#12 format (with either a .p12 or .pfx extension). If you want to use the certificate for signing and encrypting email or establishing device identity, the certificate must be for only one identity and include the private key. If you want to use the certificate to verify server identity when the device connects to Exchange, VPN, or Wi-Fi, the certificate must include the public key for the server's certificate.

When you have created a credentials payload, use an Exchange, VPN, or Wi-Fi payload to configure the device to use the certificate. (When the Exchange, VPN, or Wi-Fi payload is applied, the credentials certificate payload associated with it is automatically applied as well.) For certificates that sign and encrypt email, the Avalanche user is prompted for the password associated with the certificate.

A credentials certificate payload has the following options:

Payload name	The name of the payload.
Certificate	The name of the certificate. Click the Browse button to select a .p12 or .pfx file.
Password	The password for the certificate.
View Certificate	Shows the details of the selected certificate.
Remove	Removes the selected certificate from the payload.