Deploy certificates to iQ 4 devices
You can deploy CA certificates and user certificates to SMART iQ devices (Android 13 or later) by creating a workflow in SMART Remote Management (SRM). This process includes uploading certificate files, creating Remote Exec commands, and organizing them in the correct sequence.
Use this procedure when you need to install certificates for secure Wi-Fi, EAP authentication, or other trust-based services in your environment.
Before you begin
Make sure you have the following:
Intermediate CA certificate file (for example, IntermediateCA.crt)
Root CA certificate file (for example, RootCA.crt)
User certificate and private key bundled as a
.pfxfileThe export password used when creating the
.pfxfileYour user account has permission in SRM to create commands and workflows
Best practices:
Install CA certificates before installing any user or Wi-Fi certificates.
Use clear, consistent file names (for example, RootCA.crt, UserCert.pfx).
Store certificate files securely and rotate them according to your organization’s policy.
Test the workflow on a small set of devices before deploying at scale.
To upload certificate files
Click Deployment
Files.The Files window opens.
Click Add New.
Select Upload file as the upload method and enter a name for the certificate file.
In the destination field enter the path
/sdcard/Download.Click Confirm.
Repeat these steps to upload all the necessary certificate files.
To create a remote execution command for each certificate
Click Commands & Scripts.
The Commands & Scripts window appears.
Click Add New.
The New remote execution window appears.
In the Name box, give the command a clear name (for example, Install Intermediate CA).
Select Command line.
Enter the following details:
For Command, enter
smartcli.For Arguments, enter:
Copycert install_ca /sdcard/Download/<Certificate file>.crt [--delete_file true] [--for_all_users true]Where:
<Certificate file> is the name of the Intermediate CA certificate file you previously uploaded.
Optional--delete_file specifies whether the certificate file should be deleted (true by default)
Optional--for-all-users specifies whether the certificate should be installed for all signed-in users (false by default)
Select the following check boxes.
Check box
Select to
Notes
Wait for exit
Allow the system to wait for the command’s execution to finish before reporting the result.
This is critical for commands that depend on completion confirmation before subsequent actions can occur.
Collect output
Collect and return the output of the command as part of the command results.
This provides administrators with essential feedback and diagnostics, improving troubleshooting and verifying command success.
Run with high privileges
Execute the command with elevated local device permissions.
This ensures compatibility with commands requiring administrative privileges, especially for critical device or system changes.
OptionalTurn on Set as private to mark the command as private so it is only visible to the creator of the command. This enhances control over sensitive commands, promoting user privacy and security.
Click Confirm.
The remote execution command is added to the repository.
Repeat the previous steps to create a command for the Root CA certificate, using the same command and arguments but changing the Certificate file name in the argument to the name of the Root CA file you previously uploaded.
Repeat steps 1-8 to create a command for the user certificate and private key. This time, use the following details:
For Command, enter
smartcli.For Arguments, enter:
Copycert install_wifi /sdcard/Download/<Certificate file>.pfx --cert_password <Your password>Where:
<Certificate file> is the name of the certificate file you previously uploaded.
<Your password> is the export password used when generating the .pfx file.
To create a certificate installation workflow
Click Automation
Workflows.The Workflows window opens.
Click Add New.
Type a name and description for the workflow in the Workflow name and Workflow description boxes.
Click Commands
.Click Add command.
Add the following items in this exact order:
Intermediate CA certificate file (you will find this under the Send file option)
Install Intermediate CA remote execute command
Root CA certificate file
Install Root CA remote execute command
User certificate file
Install user certificate remote execute command
Important
To ensure success, it is important that these actions appear in this order in the workflow.
Click Confirm.
To deploy the workflow
Click Devices
to open the Devices view.Choose one of the following options:
Option
Steps
Send to a single device
Click the device’s row.
The device’s dashboard window appears.
Click Repositories actions, and then click Remote Execute.
The Remote execute window appears.
Select a command or script from the list and click Apply.
Send to devices that match a saved filter
Click Filters
to open the filters panel and then click Browse saved.Click Actions
in the saved filter’s row and select AutomateWorkflows.The Workflow window appears.
Select the workflow you created in the previous procedure and click Apply.
Send to devices in a group
If the groups panel isn’t visible, click
Groups.Click Actions
in the group’s row and select AutomateWorkflows.The Workflow window appears.
Select the workflow you created in the previous procedure and click Apply.
Verify the certificate installation on the device by going to the device and tapping Settings
SecurityEncryption & Credentials. Confirm that:The Intermediate CA and Root CA certificates appear under Trusted credentials.
The user certificate appears under User credentials and is available for Wi-Fi authentication.