For Workspace ONE UEM to use a certificate in a profile that authenticates a user, an enterprise CA must be set up in the domain in an on-premises-only environment. Additionally, the CA must be joined to the same domain as VMware Enterprise Systems Connector so that certificates can be managed successfully within Workspace ONE UEM. Workspace ONE UEM can retrieve a certificate from the CA by several methods. Each method requires the basic installation and configuration described in this documentation.

Scenario #1 ‒ On Premises: All Workspace ONE UEM application servers internal. VMware Enterprise Systems Connector not installed.

Scenario #2 ‒ On Premises: Device Services located in the DMZ. CA and Workspace ONE UEM servers internal. VMware Enterprise Systems Connector not installed.

Scenario #3 ‒ On Premises: Device Services, VMware Enterprise Systems Connector, Workspace ONE UEM servers, and CA internal.

Scenario #4 ‒ On Premises: Device Services located in the DMZ. VMware Enterprise Systems Connector, Workspace ONE UEM servers, and CA internal.

Scenario #5 ‒ SaaS: Workspace ONE UEM servers and Device Services in the internet cloud. VMware Enterprise Systems Connector and CA internal.
