Has anyone succeeded in installing a client certificate + private key from an MDM application onto a Windows device?
I'm referencing the ClientCertificateInstall configuration service provider to build this SyncML document for the Windows client. When the Windows client reports back to the MDM application, it gives this SyncML document which reveals a problem with the KeyLocation node.
The KeyLocation status is simply 500, which isn't very informative, but the statuses in other parts of the client's report show that all other parts of my command should succeed.
Experiment details:
- In the linked example, I specify a `KeyLocation` of `2`: "Install to TPM if present. If not present, fallback to software." But I've also experimented with `1` and `3` with identical results.
- For a Windows client, I've used a VM on Hyper-V with TPM support and a VM on VirtualBox (no TPM support).
- In addition to `./Device/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall`, I've also tried `./User/Vendor/MSFT/ClientCertificateInstall/PFXCertInstall`.