With the SAN extensions added to the certificate template, you must now attach your customized template to the device profile that was created during the Getting Started Wizard. Take the following steps to attach the template and adjust the device profile.

  1. Navigate to Devices > Profiles & Resources > Profiles.
  2. Search for the device profiles that were automatically created by the Getting Started Wizard. Depending upon how many platforms your deployment supports, you may have up to three different device profiles to edit, one for each device platform. These profiles are named in the following manner.

    • Android_Vpn_xxxx (where xxxx is a three or four digit number)
    • Ios_Sso_xxxx (where xxxx is a three or four digit number)
    • Windows_Sso_xxxx (where xxxx is a three or four digit number)
  3. Select either the name of the profile or the pencil icon ( MDM_EditIcon) to the left of the profile name to open the profile edit screen.
  4. If the Add Version button is enabled, select it to begin editing the profile.
  5. Select the Credentials tab on the left. This is where you attach your custom certificate template.
  6. Select the Configure button.
  7. Under Credential Source, select Defined Certificate Authority from the drop-down menu.
  8. Under Certificate Authority, select the name of the third-party certificate authority you have chosen. This must be the same CA on which your customized certificate template is based.
  9. Under Certificate Template, select the name of your customized certificate template you saved in the previous step. For more information, refer to Insert Parameter in Subject Alternative Name (SAN) Extension.
  10. If the automatically created device profile has a green SCEP tab on the left, then select it and select the minus button in the lower-right corner of the profile window.

    MDM_Device_Profile_Remove_Payload

    This action removes the SCEP configuration from the device profile. It was created automatically by the Getting Started Wizard but since you have selected a third-party certificate authority, you do not need a SCEP solution.

  11. Select Save & Publish.
  12. Repeat steps 2 through 11 for each platform your deployment supports.