These testing and troubleshooting techniques are for SaaS, rather than on-premises deployments.
Verify Ability to Perform Certificate Authentication without AirWatch
Remove AirWatch from the configuration and manually configure a device to connect to your network server using certificate authentication. This should work outside of AirWatch and until this works properly, AirWatch will not be able to configure a device to connect with a certificate.
Verify Ability to Perform Certificate Authentication with AirWatch
You can confirm that the certificate is usable by pushing a profile to the device and testing whether or not the device is able to connect and sync to the configured EAS, VPN, or Wi-Fi access-point. If the device is not connecting and shows a message that the certificate cannot be authenticated or the account cannot connect then there is a problem in the configuration. Below are some helpful troubleshooting checks.
If SSL TLS errors are received while creating a template
This error can occur when you attempt to:
- Create an AirWatch certificate template byselecting the Retrieve Profiles button or
- Retrieve a certificate from the AirWatch console from the SecureAuth certificate authority.
The troubleshooting technique that usually resolves this problem is:
- Adding the required server certificate chain in the console servers trusted root key store.
If the AirWatch Certificate Profile fails to install on the device
- Inform AirWatch Professional Services of the error and request they:
- Turn On Verbose Mode to capture additional data.
- Retrieve web console log.
- AirWatch analyzes the log and works with customer to resolve the problem.
If the certificate is not populated in the View XML option of the profile
- Confirm that lookup values configured on the SecureAuth certificate profile match the look up values in the AirWatch console’s Request Template.
- Confirm that lookup values in AirWatch Request Template are actually populated in the user information being pulled from AD.
- Confirm you are pointing to the right profile in SecureAuth.