Connect
Ask Community
Ask the community
Ask Community
  • Home
  • Android
  • Android Enterprise QR Enrollment with WPA2-Enterprise Wi-Fi

Android Enterprise QR Enrollment with WPA2-Enterprise Wi-FiSolved

Profile photo of haniel
haniel
Participant
Discussion
Hexnode UEM
3 days ago Mar 13, 2026

Hey everyone, we’re currently rolling out Android Enterprise device owner enrollment using the 6-tap QR method, and we’ve run into a challenge when the deployment environment uses WPA2-Enterprise Wi-Fi. 

During enrollment, the device tries to connect to the corporate Wi-Fi network, but authentication fails because the Root CA certificate required for WPA2-Enterprise isn’t yet installed on the device. In the normal Android Wi-Fi setup UI, users get a prompt to trust the certificate, but in the 6-tap provisioning screen there’s no such prompt. 

Because of this, the device can’t establish internet connectivity during provisioning. 

We were wondering if it’s possible to embed the CA certificate directly inside the Android Enterprise enrollment QR code JSON payload so the device can authenticate to Wi-Fi immediately. 

Has anyone tried something similar? Also curious if adding the certificate might make the QR code too large to scan reliably. 

topic view count 14 Views

Tags

Android (482) Enrollment (110)
Reply

Replies (1)

Marked SolutionPending Review
Profile photo of kylian_parker Hexnode Expert image
kylian_parker
Hexnode Expert
3 days ago Mar 13, 2026
Marked SolutionPending Review

Good question, @haniel , this scenario does come up in enterprise networks that require certificate-based authentication during initial provisioning. 

At the moment, Hexnode’s QR code generator does not support embedding CA certificates in the enrollment payload. Implementing this would require server-side changes to support additional Android provisioning extras during QR code generation. 

There’s also a technical limitation to consider with QR codes themselves. The QR used for Android Enterprise 6-tap enrollment has a size limit. Since a Base64-encoded Root CA certificate can be quite large, including the full certificate inside the QR payload would likely exceed that limit and make the QR code difficult or impossible for many devices to scan reliably. 

Because of this limitation, embedding the certificate directly in the QR code is not currently feasible. 

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
2330 pts
Profile photo of timo-liam Veteran image
timo-liam
1525 pts
Profile photo of eliiza Novice image
eliza
1492 pts
Profile photo of finn Veteran image
finn
1400 pts
Profile photo of leo_scott Novice image
leo_scott
1367 pts
View all

Popular Tags

ABM (54)
Android (482)
iOS (363)
macOS (483)
Windows (329)
Apple TV (33)
App Management (363)
Enrollment (110)
Location (30)
Kiosk (229)
Scripts (90)
ADE (50)
OS Updates (79)
Android Enterprise (145)
View all