Workspace ONE repushes profiles containing credential payloads when the certificate is detected as missing in the device Certificate List sample.

When a profile with a certificate payload is installed on a device and the certificate goes missing from the keychain on the device, Workspace ONE reissues the certificate to the device. Certificates can go missing for a number of reasons, most commonly the following:
  • The certificate does not install properly in the keychain.
  • Some installed software (such as security tools) on the device removes the installed certificate.
  • The end-user manually removes the certificate from the keychain.
Note: The certificate will only be repushed to the device if the system detects that it is missing from the Certificate List sample. No certificates will be pushed after the initial profile installation if the sample confirms that it is installed. To prevent looping, the reinstall command is queued only one time until a successful response is received from the device.

Corrupted State Detection

Each time the system receives a Certificate List sample from the device, a check is conducted to determine if there are any missing certificates based on the device's assigned profiles. If a certificate is detected as missing, the profile certificate is considered to be in a Corrupted state and the device profile status is set to Not Installed.

In this scenario, when a device profile status is set to Not Installed, a command is queued automatically to reinstall the profile on the device. Reinstalling the profile reinstalls the certificate to the device. The following certificate types are not supported:
  • User Certificate (S/MIME)
  • SCEP
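
The detection and loop-prevention behavior described above can be modeled in a few lines of Python. This is an added illustration, not Workspace ONE code: the class names, matching by thumbprint, the `reinstall-profile` command label, the status reset on success, and the sample data are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Certificate types the page lists as not supported for automatic repush.
UNSUPPORTED_TYPES = {"S/MIME", "SCEP"}

@dataclass
class ProfileCert:
    profile: str                      # profile name (constructed)
    thumbprint: str                   # expected certificate thumbprint (constructed)
    cert_type: str = "Credential"
    status: str = "Installed"
    reinstall_pending: bool = False   # loop guard: at most one queued reinstall

@dataclass
class Device:
    assigned: list
    command_queue: list = field(default_factory=list)

def process_sample(device, sample_thumbprints):
    """Check one Certificate List sample; return profiles newly queued for reinstall."""
    present = {t.lower() for t in sample_thumbprints}
    queued = []
    for pc in device.assigned:
        if pc.cert_type in UNSUPPORTED_TYPES or pc.thumbprint.lower() in present:
            continue                  # unsupported type, or sample confirms install
        pc.status = "Not Installed"   # certificate is in Corrupted state
        if not pc.reinstall_pending:  # queue only once until the device succeeds
            pc.reinstall_pending = True
            device.command_queue.append(("reinstall-profile", pc.profile))
            queued.append(pc.profile)
    return queued

def acknowledge_install(device, profile):
    """Record a successful device response (resetting status is an assumption)."""
    for pc in device.assigned:
        if pc.profile == profile:
            pc.status, pc.reinstall_pending = "Installed", False

def demo():
    dev = Device(assigned=[
        ProfileCert("Wi-Fi EAP-TLS", "AA11"),
        ProfileCert("VPN", "BB22"),
        ProfileCert("Mail signing", "CC33", cert_type="S/MIME"),
    ])
    first = process_sample(dev, ["aa11"])    # VPN cert missing: reinstall queued
    second = process_sample(dev, ["aa11"])   # still missing: nothing new queued
    acknowledge_install(dev, "VPN")
    third = process_sample(dev, ["aa11"])    # missing again after success: queued
    return first, second, third, dev.command_queue
```

A profile that stays Not Installed across many samples with no new command queued indicates that the device never returned a successful response to the first reinstall, which is the case to investigate on the device side.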