The Windows Auto-Discovery Service (WADS) requires because native enrollment for Windows devices does not connect to untrusted servers. Obtain a domain-specific or wildcard SSL certificate for enterpriseenrollment.{domain}.

You must obtain this certificate yourself. Consider purchasing a certificate that remains active for at least three (3) years to minimize time and resources required to perform the administrative tasks of renewing certificates.

Note:

You must generate your own CSRs for your SSL certificates using your own servers regardless of using cloud-hosted WADS or on-premises WADS.

To obtain an SSL certificate:

  1. Obtain a domain-specific or wildcard SSL certificate for enterpriseenrollment.{domain}. The certificate must be a certificate type that contains the private key such as .pfx or .p12. If your certificate is not one of those file types, you must convert it before uploading it to the Workspace ONE UEM Console.

    For instance, if you were to enter jdoe@acme.com as your email address, the certificate must be obtained for enterpriseenrollment.acme.com or *.acme.com. If you are using a sub domain, the certificate cannot be a wildcard certificate and must be domain-specific. For example, if you are entering jdoe@ga.acme.com as your email address the certificate must be obtained for enterpriseenrollment.ga.acme.com.

  2. Create a CNAME/ANAME record for enterpriseenrollment.{domain} to point to your WADS server.