To establish a Content Gateway node, configure the Content Gateway settings in the Workspace ONE UEM console. Configuration includes selecting the platform, configuration model, associated ports, and if necessary, uploading an SSL certificate.

You can either add a new node and configure the Unified Access Gateway settings or edit an existing configuration and provide the Unified Access Gateway parameters. When you edit an existing configuration, the updated settings are applied on the active repositories and help you to minimize the manual configuration and the accessibility of end users.

After you edit and save the existing configuration of your standalone Content Gateway instance, you cannot revert to the previously configured values. In case you revert to the previously configured values on the console, you must reinstall the Content Gateway.

Procedure

  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > Content Gateway in the Organization Group of your choice.
  2. Set Enable the Content Gateway to Enabled.
    You might need to select Override to unlock Content Gateway settings. If you have an existing active Content Gateway node, the setting is enabled.
  3. Select the Configuration Type.
    • If you want to configure a new Content Gateway Node in the Workspace ONE UEM console, select Add.
    • If you want to edit an existing node, select Edit.
  4. To configure a Content Gateway node, complete the following fields.
    1. Configure the Installation Type.
      Settings Descripton
      Installation Type Unified Access Gateway appears as the default available platform for Content Gateway.
    2. Configure the Content Configuration settings.
      Settings Descripton
      Configuration Type
      • Basic – Endpoint configuration with no relay component.
      • Relay – Endpoint configuration with a relay component.
      Name Provide a unique name used to select this Content Gateway instance when attaching it to a Content Repository, Repository Template, or RFS Node.
      Content Gateway Relay Address If implementing a relay configuration, enter the URL used to access the Content Gateway Relay from the Internet.
      Content Gateway Relay Port If implementing a relay configuration, enter the relay server port.
      Content Gateway Endpoint Address Enter the host name of the Content Gateway endpoint. The Public SSL certificate bound on the configured port must be valid for this entry.
      Content Gateway Endpoint Port Enter the endpoint server port.
    3. Configure the Content SSL Certificate settings.
      Settings Description
      Public SSL Certificate (required for Linux requirements)

      If necessary, upload a PKCS12 (.pfx) certificate file with a full chain for the Content Gateway Installer to bind to the port. The full chain includes a password, server certificate, intermediates, root certificate, and a private key.

      Note: To ensure that your PFX file contains the entire certificate chain, you can run commands such as certutil -dump myCertificate.pfx or openssl pkcs12 -in myCertificate.pfx -nokeys using command-line tools such as Certutil or OpenSSL. These commands display the complete certificate information.

      Requirements vary by platform and SSL configuration.

      Ignore SSL Errors (not recommended) If you are using a self-signed certificate, then enable this setting. If enabled, Content Gateway ignores certificate trust errors and certificate name mismatches.
      Table 1. Public SSL Certificate Upload for Linux
      Console Action SSL Offloading Server Action
      Upload No Opt out of SSL Offloading when prompted during installation.
      Upload Optional Yes Select SSL Offloading when prompted during installation.
    4. Configure the Certificate Authentication settings.
      Settings Description
      Enable Cross-domain KCD Authentication Enable this setting to authenticate users with the PIV-D Derived Credentials instead of user names and passwords.

      PIV-D certificate authentication is for the users who access the on-prem SharePoint repositories from their devices.

      Client Certificate Chain The certificate chain used to issue client certificates.
      Target SPN

      SPN of the target service.

      Service Account Username User name of the service account that has delegation rights.
      Service Account Password Password for the service account.
      Domain Name of the domain in the Active Directory (AD) containing the users.
      Domain Controller Hostname or IP address of the domain controller for the domain.
    5. Enter the Content Gateway edge service values under the Custom Gateway Settings.

      This step is optional. You must perform this step only if you want to override the default configuration values for Content Gateway.

      With the edge service values set on the UEM console, the configuration file changes are automated and do not require manual updates to the configuration files each time the UAG is upgraded. For more information about the custom values for Content Gateway, see Custom Values for Content Gateway topic in the Content Gateway documentation.

      ICAP Proxy configurations are not supported from Workspace ONE UEM console version 9.7. However, existing configurations can be edited. For information about configuring ICAP Proxy, see https://kb.vmware.com/s/article/2960835

  5. Select Add and then selectSave.
    Note: HTTP traffic is not allowed for Content Gateway on port 80 on Unified Access Gateway because TCP port 80 is used by the edge Service Manager.