An enterprise network certificate, also referred to as an Enterprise SSL Certificate or an Enterprise PKI (Public Key Infrastructure) certificate, is a digital certificate specifically designed for use within a corporate or organizational network. These certificates are issued by a Certification Authority a.k.a. Certificate Authority. They are commonly used to determine whether a device can trust a network or vice versa and are part of a broader framework of digital security used to establish trust, authenticate users and devices, and secure communications within enterprise networks. Contributing to an overall safer network environment.

You can think of certificates like employee badges. If someone has an official employee badge, you would trust them to be working for the organization. Different employees may have different types of badges–some might verify that they are an employee and can access certain areas, and some may verify that you should trust whoever has the badge with elevated permissions or to give you information about security.

There are two main types of certificates:

User certificates are used to verify the identity of users and devices on a network, like an employee badge that lets you into a building.

Unlike a WiFi password, which anyone can share, user certificates work more like digital ID cards—each one is unique to a specific device. These certificates let the network verify exactly which devices are connecting, giving administrators much tighter control over network access.

User certificates (also called device certificates or client certificates) are commonly used on enterprise networks, educational institutions, and other organizations that need to control network access. In ManageXR, we call these Authentication Certificates – a certificate paired with its private key that allows a device to prove its identity to the network.

In almost all cases, a user certificate should be deployed alongside a WiFi network in ManageXR, not installed directly on the device.

Many organizations use SCEP (Simple Certificate Enrollment Protocol) to automate certificate provisioning. SCEP is more complex to set up, but it allows devices to request and receive certificates automatically from the network rather than distributing them manually. If your organization requires SCEP, you'll need to configure it separately in ManageXR.

Learn more about SCEP and how it can be configured in ManageXR.

A CA certificate verifies that an endpoint or system is controlled by the person or organization it claims to be, like a wax seal on an official letter that proves it's authentic.

You may need a CA certificate in two situations: to authenticate to the network during initial connection, or to trust the network's security infrastructure once connected.

Most enterprise networks use certificate-based authentication for wireless security. When you try to connect, the network presents its certificate to prove its identity. Your device needs the matching CA certificate to verify this claim and confirm the network is legitimate. This is often required for networks using WPA2-Enterprise or 802.1X protocols. If your device can't connect to the network at all, the CA certificate needs to be added to the wireless network settings in ManageXR so authentication can succeed.

However, some networks also use tools such as content filters, firewalls, and reverse proxies that intercept internet traffic. If your network uses a self-signed certificate for these systems, you'll need to install the certificate directly on the device at the system level as a globally trusted CA. Otherwise, your device will see "No internet" and SSL errors even when you're already connected to the network.

This documentation will walk you through adding a network certificate to a WiFi profile on ManageXR or installing it on the system, depending on your needs. If you’re unsure which deployment method is right for you, see the above!