Add the Certificate Authority in Workspace ONE UEM

With the Certificate Authority itself configured, the next task is to configure the Certificate Authority within Workspace ONE UEM.

In order for Workspace ONE UEM to retrieve a certificate from a Certificate Authority (CA), you must configure the Workspace ONE UEM console to communicate with the CA. There are two steps to this process:

  • Add the Certificate Authority
  • Add the Certificate Template

Return to the Workspace ONE UEM Console in your browser tab.

1. Add the Certificate Authority in Workspace ONE UEM

Configuring the CA in AirWatch
  1. Click Groups & Settings.
  2. Click All Settings.
Navigating to the CA Settings
  1. Click System.
  2. Expand Enterprise Integration.
  3. Click Certificate Authorities.
  4. Ensure the Certificate Authorities tab is selected.
  5. Click the + Add button.

1.2. Define the CA Settings in Workspace ONE UEM

  1. Enter CONTROLCENTER-CA for the Name.
  2. Enter Control Center Certificate Authority for the Description.
  3. Select Microsoft ADCS for the Authority Type.
  4. Select ADCS for the Protocol.
  5. Enter controlcenter.corp.local for the Server Hostname.
  6. Enter CONTROLCENTER-CA for the Authority Name.

NOTE - Do NOT click Save yet!  There are additional CA settings that need to be configured in the next step.

1.3. Define the CA Authentication Settings

  1. Scroll down to find additional configuration options.
  2. Select Service Account for the Authentication.
  3. Enter imaservice for the Username.
  4. Enter VMware1! for the Password.
  5. Enter VMware1! for the Confirm Password.
  6. Select None for Additional Options.
  7. Click Test Connection and ensure the "Test is Successful!" prompt displays at the top of the menu.
  8. Click Save and Add Template.

1.4. Set Up the Certificate Template

  1. Enter your VLP email address for the Name.
  2. Enter Mobile User for the Description.
  3. Select CONTROLCENTER-CA for the Certificate Authority.  This is the Certificate Authority you created in the previous steps.
  4. Enter MobileUser for the Issuing Template.
    NOTE - Enter MobileUser as one word without spaces!
  5. Enter CN={EnrollmentUser} for the Subject Name.
  6. Select 2048 for the Private Key Length.

NOTE - Do NOT click Save yet!  The next step includes additional settings.

1.5. Complete and Save the Certificate Template

  1. Enable Signing for the Private Key Type.
  2. Enable Encryption for the Private Key Type.
  3. Enable Automatic Certificate Renewal.
  4. Enter 5 for Auto Renewal Period (days).
  5. Enable the Enable Certificate Revocation option.
  6. Click Save.

1.6. Close the Certificate Authorities Settings Page

  1. Click the Refresh button.
  2. Ensure the CONTROLCENTER-CA Certificate Authority you created is displayed.
  3. Click Close.
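
The Server Hostname, Authority Name and Issuing Template entered in the steps above can also be checked against the CA itself with certutil. The script below is an added example, not part of the original lab; it assumes a domain-joined Windows host with certutil available and network access to the CA, and that certutil -CATemplates prints one "ShortName: Display Name" line per template.

```powershell
# Added example: pre-check of the values entered in the console.
# Assumption: run on a domain-joined Windows host that can reach the CA.
$ServerHostname  = 'controlcenter.corp.local'   # Server Hostname field
$AuthorityName   = 'CONTROLCENTER-CA'           # Authority Name field
$IssuingTemplate = 'MobileUser'                 # Issuing Template field
$Config = "$ServerHostname\$AuthorityName"      # certutil Host\CAName string

# 1. The Issuing Template must be entered as one word without spaces.
if ($IssuingTemplate -match '\s') {
    throw "Issuing Template '$IssuingTemplate' contains whitespace."
}

# 2. Confirm the CA answers under that hostname and authority name.
certutil -config $Config -ping | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "CA '$Config' did not respond; check Server Hostname and Authority Name."
}

# 3. Confirm the template is published on this CA. Each template line is
#    'ShortName: Display Name -- ...'; the trailing 'CertUtil:' status
#    line is skipped.
$published = certutil -config $Config -CATemplates |
    Where-Object { $_ -notmatch '^CertUtil:' } |
    ForEach-Object { ($_ -split ':', 2)[0].Trim() } |
    Where-Object { $_ }
if ($published -notcontains $IssuingTemplate) {
    throw "Template '$IssuingTemplate' is not published on $AuthorityName. Found: $($published -join ', ')"
}

"OK: $Config is reachable and publishes template '$IssuingTemplate'."
```

A failure at step 2 or 3 points to the same fields that would make Test Connection or a later certificate request fail in the console.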

2. Conclusion and Wrap Up

This concludes the configuration of Microsoft Active Directory, Microsoft Certificate Authority, and Workspace ONE UEM with the VMware Enterprise Systems Connector.

Proceed to the next chapter to define a Workspace ONE UEM profile and configure your device for use with this enterprise certificate.