Configure VMware Tunnel to rotate public SSL certificates to maintain the end-user service experience. VMware Tunnel only supports rotating public SSL certificates.


For immediate certificate rotation, your front-end and back-end servers must be able to communicate with AWCM. Otherwise the rotation might take up to four hours.


Complete the following steps to rotate the public SSL certificate:

To prepare a new public SSL certificate:

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Tunnel > Configuration and select the Advanced tab.
  2. Scroll down to the Per-App Tunnel Authentication section.
  3. Select Add and upload a new public SSL certificate.

  4. Select Save to add the certificate to the database.
  5. In the UEM console, publish a new version of your VPN profiles configured for VMware Tunnel to devices.

After all the end-user devices have the new profile version, select Activate Certificate to use the new certificate. If you have uploaded an incorrect certificate and wish to remove the certificate from the database, select Remove.