'How to manage certificates on Android devices using Android Management API

I am developing a solution to manage client certificate deployment on android devices using SCEP. I have a few questions about the Android management API.

On the Android Enterprise site (https://developers.google.com/android/work/requirements/work-profile), looks like it supports certificate management (4.8, 4.9, 4.10). However, I am not able to find anything about certificate management on the Android management API site. The only topic that kind of relates to certificate management is on the Network configurations page https://developers.google.com/android/management/configure-networks.

Here are my questions:

1: Where can I find more information about certificate management using the Android Management API?

2: I know Intune can push SCEP policy to Android devices. Can you provide guidance on how to create a SCEP certificate policy? Or a PKS12 certificate policy?

3: If there is no such policy for SCEP certificate, does that mean we have to create a SCEP client app and grant certificate management permission to the app?

4: How can our backend communicate with our SCEP client app if we need to install/delete/update the SCEP certificate?



Solution 1:[1]

From the Android Management APIs known issue statement the certificate management is done via the OpenNetworkConfig payload in device policy. This feature is not generally available.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Rey V. Aquino