In order for Workspace ONE UEM to use a certificate in a profile, which is used to authenticate a user, an enterprise certificate authority does not need to be set up in the same domain as the Workspace ONE UEM server.
There are several methods for Workspace ONE UEM to retrieve a certificate from the certificate authority. Each method requires the basic installation and configuration described in this documentation. Sample CA Configurations are shown below in the Workspace ONE UEM SaaS environment. Configurations will differ in on-premises environments.
Scenario #1: Workspace ONE UEM to NDES/SCEP/MSCEP and then to Certificate Authority
Scenario #2: Workspace ONE UEM to VMware Enterprise Systems Connector, then to NDES/SCEP/MSCEP, and then to Certificate Authority
Scenario #3: On-Premises DS and NDES in the DMZ with Internal AW Console and CA
Scenario #4: On-Premises with All Servers Internal and SCEP Proxy