Why can't I set up VPN, using the Knox SDK, even after setting up a complex passcode policy and rebooting the device?

The KeyStore needs to be unlocked before you can set up VPN.

To unlock the KeyStore, call the boolean unlockCredentialStorage(String password) method. In Android versions after 4.0, the system ignores the password argument.

To check if the credential storage has been unlocked:

  1. Instruct the user to enter the device unlock passcode, see code below.
  2. Call getCredentialStorageStatus(). If this returns ERROR_KEYSTORE_NONE, the KeyStore is open.
EnterpriseDeviceManager edm = EnterpriseDeviceManager.getInstance(context);
CertificateProvisioning certProvisioning = edm.getCertificateProvisioning();
try {
	boolean result = certProvisioning.unlockCredentialStorage("abc34567");
	if(true == result) {
		// dialog to set a screen lock was prompted correctly.
} catch(SecurityException e) {
	Log.w(TAG,"SecurityException: "+e);