2 Replies Latest reply on Aug 26, 2016 6:48 AM by Ian Hatton

    Avalanche certificate deployment through StageNow

    John (Matt) Dermody

      Has anybody had any success deploying the Avalanche Cert to a WT6000 through the StageNow tool? I am using this process on a TC8000 without issue. StageNow initializes the Keystore and then auto-process the ca.pem cert file into the trusted certificates Keystore. Then, when the Avalanche Enabler is launched for the first time, the enrollment process is automatic because the cert is already already pre-installed on the device. It's a pretty awesome process but it is unfortunately only working on the TC8000. Everything is successfully pushed to the WT6000 from StageNow, but the ca.pem file just doesn't seem to be processed. StageNow also responds with a success message, indicating that there were no detected issues with staging the profile. I've checked and confirmed that the /sdcard/ contains the ca.pem file after applying the StageNow profile. The cert is being pushed to the device, just not being processed. I know the cert is correct because i'm using the exact same profile on a TC8000. Both devices are at MX 5.2 with StageNow 2.3.

       

      When I launch the Avalanche Enabler it indicates that there is "no peer certificate" in the error logs. If I then manually install the ca.pem certificate using the Install from SD Card option under the Credentials subsection of the system Security Settings the Avalanche Enabler recognizes it and successfully enrolls into Avalanche. I hate having to manually install the Avalanche cert because it then forces me to setup a lockscreen and a pin/pattern, which I've managed to circumvent on the TC8000.

       

      Does anybody have any experience with WT6000s + StageNow certificate loading?

        • Re: Avalanche certificate deployment through StageNow
          John (Matt) Dermody

          I should clarify that I am also applying a .P12 wireless certificate to the WT6000 through StageNow successfully. The wireless cert is one of the very first configuration steps in my staging process and the Keystore is initialized through StageNow before it is applied. This at least indicates that the WT6000s can process certificates of some kind through StageNow. Because a .P12 wireless cert works, I tried using the Avalanche .p12 cert and key rather than the ca.pem file and StageNow fails because of some issue with either the PKS/P12 format being incorrect or the password being wrong. I know the password is correct because I've rebuilt the cert twice now with two separate passwords to confirm that and the password works when I import the certificate manually through the Trusted Credential Storage in the Settings->Security menu.

           

          So my current status is:

           

          TC8000

          - Wireless .p12 cert - successfully applied via StageNow MX 5.2 profile

          - Avalanche ca.pem cert - successfully deployed and applied via StageNow MX 5.2 profile

           

          WT6000

          - Wireless .p12 cert - successfully applied via same StageNow MX 5.2 profile

          - Avalanche ca.pem cert - successfully deployed but NOT applied via same StageNow MX 5.2 profile

            • Re: Avalanche certificate deployment through StageNow
              Ian Hatton

              John,

               

              I tried a PEM certificate install on the WT6000 using the attached SN barcodes (which have the PEM file embedded in the barcodes) and saw the same issue i.e. the StageNow client does not report any error but the certificate is not installed or listed as a User cert when viewed from Settings/Security/Trusted Credentials). The same profile works on the TC8000 and other Zebra Android devices so I think you will need to raise a support ticket to get this issue fixed on the WT6000 specifically.

               

              Best Regards,

              Ian Hatton

              Zebra EMEA