1. Home
  2. Knowledge Base
  3. OEM
  4. Zebra
  5. How to silently install and deploy certificates for Zebra devices

How to silently install and deploy certificates for Zebra devices

Admins may want to silently install and deploy certificates for Zebra devices using an OEM agent. Now remotely managed Zebra devices can be silently authenticated for access to a network using the below steps.


The purpose of this knowledge article is to provide a guide on how to silently install and deploy certificates for Zebra devices. 


  • An OEM Agent has to be installed on the device to communicate with the StageNow client.
  • This method works from version MX 4.3 onward.


Steps to install and deploy certificates to Zebra devices.

  • Install the OEM Agent using the Android Install job.
  • Create a File Transfer job with the certificate and apply it to the devices.
  • Create a run script with the below-mentioned script and change the required details.
  • Push the run script on the device and check the installed certificates.

Step 1 

  1. Upload the Zebra OEM Agent to the App store.
  2. Go to Jobs and select Install Applications.
  3. Select the OEM app from the SureMDM App store and save the job.
  4. Apply the job on the Zebra device. 


  • You can also install OEM agents through profiles. For additional details, click on this link.
  • For more information on how to install applications on a device through the console, please refer to this link.

Step 2 

  1. Create a File Transfer job and upload the required certificate to the job.
  2. Apply the created certificate file transfer job on the device.

Step 3 

  1. Create a Run Script job to silently install the certificate (.PEM,.PFX,.P12, etc.) on Zebra devices.
  2. Apply the runscript job on the device.



 zebra(<wap-provisioningdoc><characteristic version=”4.2″ type=”CertMgr”><parm name=”CertAction” value=”1″ /><characteristic type=”cert-details”><parm name=”CertAlias” value=”cert.pem” /><parm name=”CertType” value=”8″ /><parm name=”CertMethod” value=”2″ /><parm name=”CertFileClient” value=”/sdcard/cert.pem” /><parm name=”CertAdjustClock” value=”false” /><parm name=”PrivateKeyPassword” value=”apples” /></characteristic></characteristic></wap-provisioningdoc>)value=”false” /><parm name=”PrivateKeyPassword” value=”apples” /></characteristic></characteristic></wap-provisioningdoc>)

In the above script replace: <parm name=”CertAlias” value=”cert.pem” /> with actual certificate name, <parm name=”CertFileClient” value=”/sdcard/cert.pem” /> with actual cert. path from device location and password from mentioned params. <parm name=”PrivateKeyPassword” value=”apples” />.

Need more help? Here’s how to get help from our experts. 


Was this helpful?
Updated on June 2023