Now that the RSA certificate authority and certificate template settings have been properly configured in Workspace ONE UEM, the final step is to configure Workspace ONE UEM profiles (payloads). If in Retrieving Certificate from RSA Certificate Authority (referenced in the fourth bullet in System Requirements), you chose PKI then you only need to configure a Credentials profile. Once either of these profiles is created, you can create additional payloads that the RSA certificate can use, such as Exchange ActiveSync (EAS), VPN, or Wi-Fi services.

Configuring a PKI Credential Payload

  1. Navigate to Devices > Profiles > List View.
  2. Click Add.
  3. Select the applicable platform for the device type.
  4. Specify all General profile parameters for organization group, deployment type, etc.
  5. Select Credentials from the payload options.
  6. Click Configure.
  7. Select Defined Certificate Authority from the Credential Source drop-down menu.
  8. Select the external RSA CA you created previously in Retrieving Certificate from RSA certificate authority from the certificate authority drop-down menu.
  9. Select the Certificate Template for RSA you created previously in Setup Certificate Template for RSA CA Type from the certificate template drop-down menu.

    At this point, Saving and Publishing the profile would deploy a certificate to the device. However, if you plan on using the certificate on the device for Wi-Fi, VPN, or email purposes, then you should also configure the respective payload in the same profile to leverage the certificate being deployed. For step-by-step instructions on configuring these payloads, refer to the applicable Platform Guides.