To enable sign in using the certificate authentication method, you configure SSL passthrough on the load balancer for the port defined on the Install SSL Certificate > Passthrough Certificate tab in the Workspace ONE Access console.

Enabling certificate authentication for a Workspace ONE Access on-premises deployment requires setting SSL pass-through at the load balancer. Upload a root certificate and intermediate certificates and private key to Passthrough Certificate tab.

You can also upload a certificate to be used for Android SSO device authentication. See the Android Mobile Single Sign-on to VMware Workspace ONE publication.

Procedure

  1. Log in to the Workspace ONE Access console and select Dashboard > System Diagnostics Dashboard.
  2. Click VA Configuration of the service node you want to configure and log in with the admin user password.
  3. Click Install Certificates, then select the Passthrough Certificate tab.
  4. Enter the passthrough certificate port number to use.
  5. Paste the entire certificate in to the SSL Certificate Chain text box.

    The certificate must be in an OpenSSL PEM format with the primary certificate first, the intermediate certificates in the middle, and then the root CA certificate.

    The entire certificate is everything between and including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----.

  6. Paste the certificate private key into the Private Key text box.
  7. Click Add.

Manually Modify Runtime Configuration File for Each Node in Cluster

You must manually update the runtime-config.properties file to apply the passthrough certificate port number to use.

  1. Using an SSH client, log in to the Workspace ONE Access appliance as the root user.
  2. Open the /usr/local/horizon/conf/runtime-config.properties file. Enter vi /usr/local/horizon/conf/runtime-config.properties.
  3. Change the components.certauth.port gateway port value to the passthrough certificate port number you configured earlier.
  4. Save the runtime-config.properties file.
  5. Restart the appliance. Enter service horizon-workspace restart.

    Repeat this for all appliances in your environment.