You can use the AirWatch Certificate Authority instead of the Active Directory Certificate Authority to set up single sign-on with built-in Kerberos authentication to AirWatch managed iOS 9 mobile devices. You can enable AirWatch Certificate Authority in the AirWatch admin console and export the CA issuer certificate for use in the VMware Identity Manager service.

The AirWatch Certificate Authority is designed to follow Simple Certificate Enrollment Protocol (SCEP) and is used with AirWatch managed devices that support SCEP. VMware Identity Manager integration with AirWatch uses the AirWatch Certificate Authority to issue certificates to iOS 9 mobile devices as part of the profile.

The AirWatch Certificate Authority issuer root certificate is also the OCSP signing certificate.