Now that the Symantec certificate authority and certificate template settings have been properly configured in Workspace ONE UEM, the final step is to configure Workspace ONE UEM profiles (payloads) for either PKI or SCEP.

If in Configuring CA, you chose PKI then you only need to configure a Credentials profile, but if you chose SCEP, you only need to configure a SCEP profile. Once either of these profiles is created, you can create additional payloads that the Symantec certificate can use, such as Exchange ActiveSync (EAS), VPN, or Wi-Fi services.

Configure a PKI Credential Payload

  1. Navigate to Devices > Profiles > List View.
  2. Click Add.
  3. Select the applicable platform for the device type.
  4. Specify all General profile parameters for organization group, deployment type, etc.
  5. Select Credentials from the payload options.
  6. Click Configure.
  7. Select Defined Certificate Authority from the Credential Source drop-down menu.
  8. Select the external Symantec CA you created previously in Configuring CA from the Certificate Authority drop-down menu.
  9. Select the certificate template for Symantec you created previously in Configuring Certificate Template from the Certificate Template drop-down menu.

At this point, saving and publishing the profile would deploy a certificate to the device. However, if you plan on using the certificate on the device for Wi-Fi, VPN, or email purposes, then you should also configure the respective payload in the same profile to leverage the certificate being deployed.

Configure a SCEP Payload

To configure a SCEP payload, follow all instructions in Configuring a PKI Credential Payload, except for one modification:

  1. Select SCEP from the payload area on the left rather than configuring Credentials.
  2. Select Defined Certificate Authority from the Credential Source drop-down menu.
  3. Select the external Symantec CA you created for using SCEP previously in Configuring CA from the Certificate Authority drop-down menu.
  4. Select the certificate template for Symantec you created for using SCEP previously in Configuring Certificate Template from the Certificate Template drop-down menu.

At this point, saving and publishing the profile would deploy a certificate to the device. However, if you plan on using the certificate on the device for Wi-Fi, VPN, or Email purposes, then you should also configure the respective payload in the same profile to leverage the certificate being deployed.