What is the name of the domain?
acb.xyz.ca
What is the error number?
No error given
What is the issue you’re encountering?
mTLS Certificate not working properly in Android Work Profiles
What steps have you taken to resolve the issue?
a) changing certificate stores
b) using a different Android browser like Brave, Firefox etc.
c) tried deploying root cert to Android device as well as client cert
d) google-fu for days
e) checked Google Workspace MDM settings for URL and certificate settings, and spoke to Google support who attempted to suggest a few options.
NOTE: This all works as expected on desktops/laptops, so I don’t think it’s a Cloudflare configuration issue. It’s something specific to how Android handles work profile certificates. I am hoping someone has some insight or workaround for this.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
- Import the certificate.pfx into Android. (Our users only have a work profile, not a personal and work profile.)
- Verify it is identified as a user certificate in Certificates and Encryption Settings
- Attempt to access the mTLS protected website which requires the user certificate to be present
- Blocked page by Cloudflare
Note: If I test it on a device that has both personal and work profiles, and import it as the personal profile user, the certificate is recognized and used properly. It has been tested on Android 14, 13, and 12; none work properly in the work profile.