Configure VMware Tunnel to rotate public SSL certificates to maintain the end-user service experience. VMware Tunnel only supports rotating public SSL certificates.
Note: For immediate certificate rotation, your front-end and back-end servers must be able to communicate with AWCM. Otherwise the rotation might take up to four hours.
- Navigate to .
- Select Edit to change the configuration settings.
- In the Server Authentication section, you can configure Third Party SSL Certificate that secures client-server communication from enabled application on a device to the VMware Tunnel. By default, this setup uses a AirWatch certificate for secure server-client communication.
- Select Third Party option if you prefer to use a third-party SSL certificate for encryption between Workspace ONE Web or SDK-enabled apps and the VMware Tunnel server.
- Select Add Certificate to upload a .PFX or .P12 certificate file and enter the password. This file must contain both your public and private key pair. CER and CRT files are not supported.
- Select Save to add the certificate to the database.
- In the UEM console, publish a new version of your VPN profiles configured for VMware Tunnel to devices.