In order for AirWatch to use a certificate in a profile used to authenticate a user, an enterprise CA must be set up in the domain in an on-premises only environment. Additionally, the CA must be joined to the same domain as VMware Enterprise Systems Connector in order to successfully manage certificates within AirWatch. There are several methods for AirWatch to retrieve a certificate from the CA. Each method requires the basic installation and configuration described in this document.

Scenario #1 ‒ On Premises: All AirWatch application servers internal. VMware Enterprise Systems Connector not installed.

Certs_CertEnroll-ADCS-DCOM_01

Scenario #2 ‒ On Premises: Device Services located in the DMZ. CA and AirWatch servers internal. VMware Enterprise Systems Connector not installed.

Certs_CertEnroll-ADCS-DCOM_02

Scenario #3 ‒ On Premises: Devices Services, VMware Enterprise Systems Connector, AirWatch servers, and CA internal.

Certs_CertEnroll-ADCS-DCOM_03

Scenario #4 ‒ On Premises: Device Services located in the DMZ. VMware Enterprise Systems Connector, AirWatch servers, and CA internal.

Certs_CertEnroll-ADCS-DCOM_04

Scenario #5 ‒ SaaS: AirWatch Servers and Device Services in the internet cloud, and the VMware Enterprise Systems Connector and Internal CA are Internal.

Certs_CertEnroll-ADCS-DCOM_62