The Windows Auto-Discovery Service (WADS) requires because native enrollment for Windows devices does not connect to untrusted servers. Obtain a domain-specific SSL certificate for enterpriseenrollment.{domain}.

You must obtain this certificate yourself. Consider purchasing a certificate that remains active for at least three (3) years to minimize time and resources required to perform the administrative tasks of renewing certificates.


You must generate your own CSRs for your SSL certificates using your own servers regardless of using cloud-hosted WADS or on-premises WADS.

To obtain an SSL certificate:

  1. Obtain a domain-specific or wildcard SSL certificate for enterpriseenrollment.{domain}. The certificate must be a certificate type that contains the private key such as .pfx or .p12. If your certificate is not one of those file types, you must convert it before uploading it to the AirWatch Console.

    For instance, if you were to enter as your email address, the certificate must be obtained for or * If you are using a sub domain, the certificate cannot be a wildcard certificate and must be domain-specific. For example, if you are entering as your email address the certificate must be obtained for

  2. Create a CNAME/ANAME record for enterpriseenrollment.{domain} to point to your WADS server.