You must generate the root and intermediate certificates used during installation whether you are performing a Standard (Basic) or Advanced (Custom) installation.

  1. Download the installer package, titled VMware Workspace ONE ™ UEM Remote Management Installer, from my Workspace ONE.
  2. Extract all contents from the installer package ZIP file into c:\temp of the ARM server. Do not move the files around inside the temp folder as the installer needs all the files in their extracted locations. Do not rename or move the temp folder.
  3. Run the Remote Management Certificate Generator which is included in the installer package.

    • Be certain to use the correct version of the tool according to the version of Workspace ONE UEM you are using.

      Workspace ONE UEM Version Certificate Generator Tool Version
      Pre 9.2 RemoteManagementCertificateGenerator_Before_9_2
      9.2 and after RemoteManagementCertificateGenerator_9_2
    • This tool must be run on a machine with the same locale settings as the database server to ensure that the same date format is set in the SQL script.
    • You must run this certificate generator as an administrator.
  4. In the UEM console, switch to your primary organization group (OG).

    • The OG you select must be of a 'customer' type. For more information about organization groups, see Organization Group Type Functions from the VMware Workspace ONE UEM Mobile Device Management Guide.
  1. Navigate to Groups & Settings > All Settings > System > Advanced > Site URLs, scroll down to the External Remote Management section, and copy the string in the Remote Management CN text box.

  2. Set the following values.

    Setting Value
    Certificate Type Remote Management
    Deployment On-prem
    Certificate Common Name Paste the Remote Management CN copied from step 5 preceding.
  3. Select Generate Certificates.
  4. Set Password for the certificates when prompted. Store this password for future use.
  5. Navigate to the folder holding the Remote Management Certificate Generator.

    1. Find the generated certificates file in the Artifacts\private folder called root_intermediate_chain.p7b.
    2. Copy this file to the c:\temp\certs folder on the Advanced Remote Management Server. This file is the T10 Certificate which is needed later.

      • The T10 interface certificate contains two major certificates that enable Workspace ONE UEM to communicate with the T10 portal. These certs are the Workspace ONE UEM portal Root and Intermediate certificates in a p7b file.
  6. In the Artifacts folder, find the "Certificate Seed Script.sql". Run this script against the Workspace ONE UEM Database to seed the generated certificates into the Workspace ONE UEM database.

Support for multiple Workspace ONE UEM environments is available. For details, see Multi-Workspace ONE UEM Environment Support.