An internally registered DNS record is for devices connecting over your organization's internal Wi-Fi network, and it tells them how to connect to Workspace ONE UEM (specifically, the Device Services server). An internal DNS record must be registered on the internal domain server.

In the standard, multi-server deployment, you must generate a self-signed certificate for your Console server (or you can use an internally issued certificate).

The externally available URL of the Workspace ONE UEM server must be set up with a trusted SSL certificate. A wildcard or individual Web site certificate is required.

  1. Open Server Manager and navigate to Roles > Web Server (IIS).
  2. Click the Server Name.
  3. Double-click Server Certificates.


  4. On the right, select Create Self-Signed Certificate.


  5. Enter the friendly name (FQDN) and select OK.


  6. Next you can add a 443 binding to the Default Web site in IIS. The bindings for a completed server look like the following. Your SSL certificate appears in the drop-down menu of available certificates.


  7. Also verify that you have a private key that corresponds to your certificate.