In order for AirWatch to use a certificate in a profile, which is used to authenticate a user, an enterprise certificate authority does not need to be set up in the same domain as the AirWatch server.
There are several methods for AirWatch to retrieve a certificate from the certificate authority. Each method requires the basic installation and configuration described in this document. Sample CA Configurations are shown below in the AirWatch SaaS environment. Configurations will differ in on-premises environments.
Scenario #1: AirWatch to NDES/SCEP/MSCEP and then to Certificate Authority
Scenario #2: AirWatch to VMware Enterprise Systems Connector, then to NDES/SCEP/MSCEP, and then to Certificate Authority
Scenario #3: On-Premises DS and NDES in the DMZ with Internal AW Console and CA
Scenario #4: On-Premises with All Servers Internal and SCEP Proxy