To integrate your RSA instance with AirWatch you will need to perform the following steps from the RSA Console.

Obtain Your Jurisdiction ID

The Jurisdiction ID is used by RSA to determine which CA to issue the certificate against. You will need this value when performing the next section’s steps from the AirWatch Console.

To view it:

  1. Log in to the RSA CM Console.
  2. Click on CA Operations.
  3. On the left-hand column above Local CAs, select the appropriate CA from the drop-down list.

  4. Toward the bottom of the right-hand column under Jurisdiction Configuration, your jurisdictions appear in a drop-down listing. Select the appropriate jurisdiction and select the View Configuration button.

  5. Copy the Jurisdiction ID that appears in the resulting Jurisdiction page.

Obtain Your Profile ID

The Profile ID is used by RSA to identify the profile you select in the Profile Name drop-down field. You will need this value when completing the next section’s tasks.

Obtain the Profile ID by taking the following steps:

  1. Log in to the RSA CM Console.
  2. Click on System Configuration.
  3. On the left-hand column, select the General category menu item Extension Profiles.
  4. Select a specific profile by choosing from the Existing Profiles drop-down field.
  5. Click the Edit button.
  6. The Profile ID will be listed under the Profile Name. Take note of this number.

Request an Authentication Certificate

The authentication certificate is used to authenticate requests from the AirWatch Console and needs to be uploaded when performing integration in the next section. To request it:

  1. Log in to the RSA CM Console.
  2. Click on Administrator Operations.
  3. Click on Administrator URLs.
  4. Copy either the Firefox/Mozilla URL if you intend to use Firefox or the MSIE URL if you intend to use Internet Explorer.

  5. In Firefox or IE (whichever matches the URL you copied), navigate to that URL.

  6. Complete the form that displays.

    1. For Select Certificate Type, select Vettor Certificate, which gives rights to request all non-admin CAs.

    2. AirWatch recommends that you set the key size to High Grade.

    3. Your browser generates the public and private key pair and, once that is complete, submits the request to your RSA CM. An administrator must manually approve this request. Once the approval is complete, you will receive an email with a link to proceed. If you are the administrator generating the certificate, perform the following:

  7. Log in to the RSA CM Console.

  8. Click on Administrator Options.

  9. On the left-hand column, use the drop-down menu to select the appropriate CA.

  10. Select Request Active.

  11. Find the submitted request and select the Common Name value that is in the Request for column.

  12. Verify the submission is correct. Select the appropriate jurisdictions and then Issue Certificate at the bottom of the form.

  13. Open the link that was emailed to the requestor using the same browser you used to submit the request. Then select Install Client Certificate.

    If successful, you should see a pop-up menu that says “Your personal certificate has been installed. You should keep a backup copy of this certificate.”

    Next you need to export this certificate from your browser. The following steps are for Firefox.

    1. Open the Options menu in your browser.

    2. Click the Advanced tab.

    3. Click View Certificates.

    4. Select the appropriate certificate and select Backup.

    5. Select where you want to save the file and name it.

    6. Click Save.

    7. Enter a password for the private key.

    8. Finish the export process.

    You have now generated your certificate. You will upload this into the AirWatch Console in the next section, where it will be used for submitting certificate requests.

Obtain Your Port Number

The REST API listening port that you will need when performing integration in the next section can be found in your Apache httpd.conf file, provided that you are on RSA Certificate Manager 6.9 build 555 or higher. If you are not on this version, you will need to upgrade and follow RSA’s instructions to modify your Apache config file.

Take note of the port number shown in the Apache config file.
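When httpd.conf declares several ports, listing every active one with its line number makes it easier to pick out the REST API port. The following is an added example, not code from AirWatch or RSA: it assumes the port is declared in a Listen or VirtualHost directive, and the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample config, not copied from an RSA Certificate Manager install.
# Assumption: the port is declared in a Listen or <VirtualHost> directive.
SAMPLE_HTTPD_CONF = """\
Listen 443
Listen 192.0.2.10:4443 https
  listen [2001:db8::1]:8443
#Listen 9999
<VirtualHost _default_:4443 *:8443>
    SSLEngine on
</VirtualHost>
<VirtualHost *>
</VirtualHost>
"""

_LISTEN = re.compile(r"^Listen\s+(\S+)(?:\s+(\S+))?$", re.IGNORECASE)
_VHOST = re.compile(r"^<VirtualHost\s+([^>]+)>", re.IGNORECASE)

def split_port(addr):
    """Split 'port', 'host:port' or '[ipv6]:port' into (host, port), or None."""
    host, sep, port = addr.rpartition(":")
    if not port.isdigit() or not 0 < int(port) < 65536:
        return None  # e.g. '<VirtualHost *>' carries no port
    return (host if sep else "*"), int(port)

def find_ports(conf_text):
    """Return (line_no, directive, host, port, protocol) per active directive."""
    found = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        m = _LISTEN.match(line)
        if m:
            parsed = split_port(m.group(1))
            if parsed:
                found.append((line_no, "Listen", *parsed, m.group(2)))
            continue
        m = _VHOST.match(line)
        if m:
            for addr in m.group(1).split():  # one block may name several addresses
                parsed = split_port(addr)
                if parsed:
                    found.append((line_no, "VirtualHost", *parsed, None))
    return found

if __name__ == "__main__":
    for entry in find_ports(SAMPLE_HTTPD_CONF):
        print("line %d: %s host=%s port=%d proto=%s" % entry)
```

Backslash line continuations and Include files are not followed, so check any included configuration files separately.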