Now that you have completed Step 5: Retrieving Certificate from OpenTrust Certificate Authority, Workspace ONE UEM is able to communicate with OpenTrust. The next step is to define which certificate will be deployed to devices by setting up a certificate template in Workspace ONE UEM.

Use the following steps whether you are setting up a template for PKI or SCEP.

  1. While still in the Certificate Authorities system settings page ( Groups & Settings > All Settings > System > Enterprise Integration > Certificate Authorities), select the Request Templates tab.
  2. Select the Add button to add a new Certificate Template.
  3. The Certificate Template Add/Edit window displays. First, select on the Certificate Authority drop-down and select the OpenTrust certificate authority you created in completed in Step 5: Retrieving Certificate from OpenTrust Certificate Authority.

  4. Enter in the Name and Description fields the name you want to give the OpenTrust certificate template.
  5. If Workspace ONE UEM is going to automatically request the certificate to be renewed by OpenTrust when it expires, check the Automatic Certificate Renewal checkbox and then enter in the Auto Renewal Period (days) field the number of days prior to expiration before Workspace ONE UEM automatically requests OpenTrust to reissue the certificate.
  6. Click on the Profile Name drop-down and select the OpenTrust profile you created in Step 4.

    Mandatory Fields display. These fields can change depending on which OpenTrust profile you choose since the information within the profile may be different. The fields you see on the left side correspond to the datasource fields you declared on the OpenTrust side. The values on the right are the Workspace ONE UEM variables.

    The lookup values you enter in the Workspace ONE UEM Certificate Template Mandatory Fields above are used as attributes for certificate generation. Make sure the lookup values you use match those used in the OpenTrust Portal. For example, if your mail in OpenTrust Portal is email address then use the {EmailAddress} lookup value for mail in the Workspace ONE UEM certificate template. If the lookup values do not match, OpenTrust will create a new user.

  7. Enter Lookup Values in each of the fields that complement those fields in the OpenTrust profile.

  8. Click Save.