Now that you have completed Step 1: Configuring Entrust in AirWatch, AirWatch is able to communicate with Entrust. The next step is to define which certificate will be deployed to devices by setting up a certificate template in AirWatch.

Use the following steps whether you are setting up a template for PKI or SCEP.

  1. While still in the Certificate Authorities system settings page ( Groups & Settings > All Settings > System > Enterprise Integration > Certificate Authorities), select the Request Templates tab.
  2. Select the Add button to add a new Certificate Template.
  3. The Certificate Template Add/Edit window displays. First, select on the Certificate Authority drop-down and select the OpenTrust certificate authority you created in completed in Step 1: ConfiguringEntrust in AirWatch.
  4. Enter in the Name and Description fields the name you want to give the Entrust certificate template.
  5. For Managed CA, select the name of the Certification Authority you configured in Entrust.
  6. Click on the Profile Name drop-down and select the name of the Digital ID Configuration that you created while configuring Entrust. If you are using Entrust Managed Services PKI, this Digital ID Configuration should have been provided to you by an Entrust representative.
  7. Configure Subject Alternative Name (SAN) attributes as required. These are used for additional unique identification of the device and need to match the Digital ID configuration.
  8. If AirWatch is going to automatically request the certificate to be reviewed by Entrust when it expires, check the Automatic Certificate Renewal check box and then enter in the Auto Renewal Period (days) setting the number of days prior to expiration before AirWatch auotmatically requests Entrust to reissue the certificate.
  9. If certificates need to be revoked either manually or when they are removed from the device, select Enable Certificate Revocation.
  10. Mandatory Fields are used to form the common name of the distinguished name within the certificate. These fields can change depending on which Entrust profile you choose since the information within the profile may be different.

    The fields you see on the left side correspond to the data source fields you declared on the Entrust side. The values on the right are the AirWatch variables. Enter Lookup Values in each of the fields that complement those fields in the Entrust profile. Make sure the lookup values you use match those used in the Digital ID configuration.

    If you are using Entrust Managed Services PKI, this information should have been provided to you by an Entrust representative.

  11. Click Save.