Before configuring the Secure Email Gateway (SEG) to use certificate authentication, you must have the following.
- An internal certificate authority (CA) server must be used to create users' certificates. An external CA (e.g., VeriSign) cannot be used to create users' certificates.
- Installed and operational Secure Email Gateway (SEG). For more information, see the VMware AirWatch Secure Email Gateway Guide, available on Accessing Other Documents.
- Windows Server 2003 or 2008 Standard with the latest service packs and recommended updates from Microsoft (http://www.update.microsoft.com/).
- A device with an Exchange ActiveSync (EAS) profile and certificate from a domain enterprise certificate authority.
- A SEG that is configured as a member of the same domain as the enterprise certificate authority.
- Administrative permissions to be able to configure your enterprise:
  - Secure Email Gateway (SEG)
  - Active Directory (AD)
  - Exchange ActiveSync (EAS) server
- A certificate authority properly configured to issue certificates throughout AirWatch through MSCEP/NDES or DCOM.
- A trust relationship between the certificate authority (CA) providing the certificates and the directory services server. This will entail:
  - Export the root CA certificate to a .cer file.
  - At the command prompt, type the following commands and press ENTER:

    certutil -dspublish -f <filename> NTAuthCA
    certutil -enterprise -addstore NTAuth CA_CertFilename.cer
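
A check to run on the SEG server after the certutil commands above, as an added example that is not part of the VMware documentation: it confirms that the exported file is a currently valid CA certificate and that its thumbprint is present in the machine's Enterprise NTAuth store. The default file name is the placeholder from the command above, and the parameter name is an assumption.

```powershell
# Added example, not from the VMware or Microsoft documentation.
# Run in an elevated PowerShell session on the SEG server.
param(
    # Assumption: path to the exported CA file (placeholder name from the command above).
    [string]$CaCertPath = '.\CA_CertFilename.cer'
)
$ErrorActionPreference = 'Stop'

# Load the exported certificate so the checks run against the exact file that was published.
$path = (Resolve-Path $CaCertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
$problems = @()

# 1. The certificate must be inside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 2. The certificate must be a CA certificate (Basic Constraints, OID 2.5.29.19, CA = true).
$ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
$isCa = $false
if ($ext) {
    $bc = New-Object System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension($ext, $ext.Critical)
    $isCa = $bc.CertificateAuthority
}
if (-not $isCa) {
    $problems += 'Basic Constraints does not mark this certificate as a CA.'
}

# 3. The local Enterprise NTAuth store is kept in the registry, one subkey per thumbprint.
$ntAuthKey = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
if (-not (Test-Path (Join-Path $ntAuthKey $cert.Thumbprint))) {
    $problems += 'Thumbprint not found in the local Enterprise NTAuth store.'
}

# Report the outcome; a non-zero exit code lets a deployment script stop here.
Write-Output "Subject:    $($cert.Subject)"
Write-Output "Thumbprint: $($cert.Thumbprint)"
if ($problems.Count -eq 0) {
    Write-Output 'OK: CA certificate is valid and present in the NTAuth store.'
    exit 0
}
$problems | ForEach-Object { Write-Output "FAIL: $_" }
exit 1
```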