1. Select Microsoft ADCS as the Authority Type and enable Restricted Enrollment Agent.

    The Username and Password entered here require administrative access to the certificate authority server as mentioned in the pre-requisites.

  2. Upload the public key file (.cer) exported in previous steps.

  3. Click Save.

Configure the Request Template

  1. Set the Issuing Template to either a default template or the template configured in “Configuring a Custom User Template.”
  2. Set the Requester Name to { EmailDomain}\{ EnrollmentUser} for best results. AD configuration in AirWatch is required to populate these look up values accurately.

    Only user-specific look up values are configurable in the requester name. Device-specific look up values are not supported.

  3. Click Save.

    This CA and template combination can be used in any profile in the credentials payload and associated with wifi, email, or vpn payloads.