In order for AirWatch to use a certificate in a profile used to authenticate a user, an enterprise CA must be set up in the domain. Additionally, the CA must be joined to the same domain as VMware Enterprise Systems Connector in order to successfully manage certificates within AirWatch. There are several methods for AirWatch to retrieve a certificate from the CA. Each method requires the basic installation and configuration described in this document. Sample CA Configurations are shown below.

Scenario #1 ‒ On Premise: All AirWatch application servers are internal. VMware Enterprise Systems Connector is not installed.

Certs_Microsoft_DCOM_01

Scenario #2 ‒ On Premise: Device Services is located in the DMZ. CA and AirWatch servers are internal. VMware Enterprise Systems Connector is not installed.

Certs_Microsoft_DCOM_2

Scenario #3 ‒ On Premise: Devices Services, VMware Enterprise Systems Connector, AirWatch servers, and CA are internal.

Certs_Microsoft_DCOM_3

Scenario #4 ‒ On Premise: Device Services is located in the DMZ. VMware Enterprise Systems Connector, AirWatch servers, and CA are internal.

Certs_Microsoft_DCOM_4

Scenario #5 ‒ SaaS: AirWatch is SaaS. VMware Enterprise Systems Connector and CA are internal.

Certs_Microsoft_DCOM_5