In order for Workspace ONE UEM to use a certificate in a profile used to authenticate a user, an enterprise CA must be set up in the domain. Additionally, the CA must be joined to the same domain as VMware Enterprise Systems Connector in order to successfully manage certificates within Workspace ONE UEM. There are several methods for Workspace ONE UEM to retrieve a certificate from the CA. Each method requires the basic installation and configuration described in this documentation. Sample CA Configurations are shown below.

Scenario #1 ‒ On Premise: All Workspace ONE UEM application servers are internal. VMware Enterprise Systems Connector is not installed.

Certs_Microsoft_DCOM_01

Scenario #2 ‒ On Premise: Device Services is located in the DMZ. CA and Workspace ONE UEM servers are internal. VMware Enterprise Systems Connector is not installed.

Certs_Microsoft_DCOM_2

Scenario #3 ‒ On Premise: Devices Services, VMware Enterprise Systems Connector, Workspace ONE UEM servers, and CA are internal.

Certs_Microsoft_DCOM_3

Scenario #4 ‒ On Premise: Device Services is located in the DMZ. VMware Enterprise Systems Connector, Workspace ONE UEM servers, and CA are internal.

Certs_Microsoft_DCOM_4

Scenario #5 ‒ SaaS: Workspace ONE UEM is SaaS. VMware Enterprise Systems Connector and CA are internal.

Certs_Microsoft_DCOM_5