Now that you have completed Retrieving Certificate from SecureAuth Certificate Authority, Workspace ONE UEM is able to communicate with SecureAuth. The next step is to define which certificate will be deployed to devices by setting up a certificate template in Workspace ONE UEM. Use the following steps whether you are setting up a template for PKI or SCEP.

  1. Navigate to Devices > Certificates > Certificate Authorities.
  2. Select the Request Templates tab.
  3. Click Add.
  4. Select SecureAuth from the Certificate Authority drop-down menu.
  5. Enter the Name for the SecureAuth Request Template.
  6. Enter a Description to help you identify the SecureAuth certificate template.
  7. Enter the Subject Name, which is the identity bound to the certificate.
  8. Select the Key Pair Generation Location, which can be either Workspace ONE UEM or SecureAuth. This is where the key pair is generated – either on the SecureAuth side or on the Workspace ONE UEM side. Workspace ONE UEM recommends selecting SecureAuth because it is the simpler configuration.
    • When you select SecureAuth, it will generate the certificate and the private key and return it back to Workspace ONE UEM with its root certificate. The root certificate and user certificate are combined into a single cert and sent to the device to install.
    • When you select Workspace ONE UEM, you have a few more fields to configure: the Certificate Validity Period, which is the length of time the certificate is valid for in days (Workspace ONE UEM recommends the value 365), and the Private Key Length, which is how secure you want the keys to be (Workspace ONE UEM recommends 2048 as the key length).
  9. For Private Key Type, select if the certificate can be used for signing and encryption operations or both.
  10. Select the Automatic Certificate Renewal checkbox if Workspace ONE UEM is going to automatically request the certificate to be renewed by SecureAuth when it expires. If you select this option, enter the number of days prior to expiration before Workspace ONE UEM automatically requests SecureAuth to reissue the certificate in the Auto Renewal Period (days) field. This requires the certificate profile on SecureAuth to have the Duplicated Certificates setting enabled.
  11. Select the Enable Certificate Revocation checkbox if you want Workspace ONE UEM to be able to revoke certificates.
  12. Click Save.