You must generate the root and intermediate certificates used during installation whether you are performing a Standard (Basic) or Advanced (Custom) installation.
- Download the installer package, titled VMware Workspace ONE ™ UEM Remote Management Installer, from my Workspace ONE.
- Extract all contents from the installer package ZIP file into c:\temp of the ARM server. Do not move the files around inside the temp folder as the installer needs all the files in their extracted locations. Do not rename or move the temp folder.
Run the Remote Management Certificate Generator which is included in the installer package.
Be certain to use the correct version of the tool according to the version of Workspace ONE UEM you are using.
Workspace ONE UEM Version Certificate Generator Tool Version Pre 9.2 RemoteManagementCertificateGenerator_Before_9_2 9.2 and after RemoteManagementCertificateGenerator_9_2
- This tool must be run on a machine with the same locale settings as the database server to ensure that the same date format is set in the SQL script.
- You must run this certificate generator as an administrator.
In the UEM console, switch to your primary organization group (OG).
- The OG you select must be of a 'customer' type. For more information about organization groups, see Organization Group Type Functions from the VMware Workspace ONE UEM Mobile Device Management Guide.
Navigate to Groups & Settings > All Settings > System > Advanced > Site URLs, scroll down to the External Remote Management section, and copy the string in the Remote Management CN text box.
- If the Remote Management CN text box is blank, then you must manually Create the Common Name from the Workspace ONE UEM Database.
Set the following values.
Setting Value Certificate Type Remote Management Deployment On-prem Certificate Common Name Paste the Remote Management CN copied from step 5 preceding.
- Select Generate Certificates.
- Set Password for the certificates when prompted. Store this password for future use.
Navigate to the folder holding the Remote Management Certificate Generator.
- Find the generated certificates file in the Artifacts\private folder called root_intermediate_chain.p7b.
Copy this file to the c:\temp\certs folder on the Advanced Remote Management Server. This file is the T10 Certificate which is needed later.
- The T10 interface certificate contains two major certificates that enable Workspace ONE UEM to communicate with the T10 portal. These certs are the Workspace ONE UEM portal Root and Intermediate certificates in a p7b file.
In the Artifacts folder, find the "Certificate Seed Script.sql". Run this script against the Workspace ONE UEM Database to seed the generated certificates into the Workspace ONE UEM database.
- If you receive the error message "The conversion of a varchar data type to a datetime data type resulted in an out-of-range value," then see Troubleshooting, Generate Certificates.
Support for multiple Workspace ONE UEM environments is available. For details, see Multi-Workspace ONE UEM Environment Support.