Home / Knox Manage / Configure / Certificates /

Certificate templates

Last updated August 5th, 2025

The Certificate Authority (CA) server manages certificates through certificate templates. You can add as many templates as you need, and modify them to standardize and simplify the process of issuing certificates.

Add a certificate template

To add a certificate template, complete the following steps:

  1. Navigate to Advanced > Certificate > Certificate Template.
  2. On the Certificate Template page, click Add.
  3. On the Add Certificate Template page, enter the following information:
    • Template Name — Assign a unique name for the certificate template.
    • Description — Enter a description for the certificate template.
    • Type — Only External is supported.
    • Platform — You can select Android, iOS, or both. When both platforms are selected, only usage types that are common to Android and iOS are shown.
    • CA — Select a CA type. Relevant input fields vary depending on your selection.
    • CA Template Name — Enter the CA template name. The CA template name is required when ADCS type CA is selected.
    • Subject Name — Enter a subject name in CN = {Subject name value} format. Alternatively, click Lookup to open the Select Lookup Item dialog and select an item.
    • Certificate Usage — Select a certificate usage type:
      • Wi-Fi — Authorizes connecting with AP for Wi-Fi.
      • VPN — Authorizes encrypted VPN communication when registering Knox Manage on devices.
      • Exchange — Authorizes user authentication and services in Exchange.
      • Knox Generic VPN (only relevant to Knox Platform for Enterprise) — Authorizes encrypted VPN communication for Knox-enabled Android devices.
      • Knox VPN (only relevant to Knox Service Plugin) — Authorizes specialized encrypted VPN communication for Samsung devices.
    • Microsoft User Security Identifier — Select to require security identifier information during certificate-based authentication, which is mandatory for Microsoft Entra ID (applies to CA types of NDES and ADCS).
    • SAN Type — Select a SAN type, and then enter the SAN value. Then click to add. Alternatively, click Lookup to open the Select Lookup Item dialog and select an item.

The Microsoft User Security Identifier is added while syncing a user from a directory, or while adding users. Look up the Microsoft User Security Identifier for SAN Type and add as a SAN URL.

  1. Click Save.
  2. In the OK window, click OK.

View certificate templates

Navigate to Advanced > Certificate > Certificate Template to view all templates on the Certificate Template page.

  • To view details of a specific certificate template, click the template name in the list.
  • To view details of a specific CA, click the CA in the list.

Modify a certificate template

Complete the following steps to modify a certificate template:

  1. Navigate to Advanced > Certificate > Certificate Template.
  2. On the Certificate Template page, click the check box for the certificate you want to modify, and the click Modify.
  3. Proceed to make changes on the Modify Certificate Template page as needed. For field and option descriptions refer to Add a certificate template.
  4. Click Save, then OK.

Delete a certificate template

To delete certificate templates:

  1. Navigate to Advanced > Certificate > Certificate Template.
  2. On the Certificate Template page, select the certificate template(s) and click Delete.
  3. On the Delete Certificate Template screen, click OK.

You can delete a template in use only after relevant Android and iOS settings have been deleted from the device management profile.

On this page

Is this page helpful?