As an admin, you can use the Certificate Authorities (CA) settings to integrate your certificate authority with Workspace ONE UEM for increased stability, security, and authentication. Certificates help protect your infrastructure from brute force attacks, dictionary attacks, and employee error.

What can you do with the Workspace ONE UEM Certificate Authorities settings page?

The path to the Workspace ONE UEM Certificate Authorities settings on the console is Groups & Settings > All Settings > System > Enterprise Integration > Certificate Authorities.

With the Workspace ONE Certificate Authorities settings page, you can:

  • Protect your infrastructure from brute force attacks, dictionary attacks, and employee error.
  • Issue digital certificates that authenticate servers, individuals, and organizations.
  • Maintain certificate revocation lists that indicate when certificates become invalid prior to their expiry dates.

Certificate Authorities Tab

Rather than configuring specific settings, this tab is where you add a CA and create its request template. Available actions are listed below.

| Setting | Description |
| --- | --- |
| Certificate Authority | Enter a name for the certificate authority. This is how the CA is displayed within the Workspace ONE UEM console. |
| Server | Enter the host name of the CA server in the Server field. |
| Username | Enter the username of the CA server. |
| Authority Type | Enter the type of certificate authority being defined in Workspace ONE UEM. |
| Challenge Username | Enter the Challenge Username. This username is used to authenticate the device making the request. |
| Challenge Type | Allows the admin to choose between static challenge and no challenge. |
| Organization Group | Enter the organization group name. |

Request Templates Tab

| Setting | Description |
| --- | --- |
| Name | Enter a name for the new Request Template. This name is used by the Workspace ONE UEM console. |
| Description | Enter a brief Description for the new certificate template. |
| Certificate Authority | Select the Certificate Authority from the certificate authority drop-down menu. |
| For S/MIME | Enable to access previously expired certificates and decrypt older S/MIME emails when the certificate template is for Entrust PKI and OpenTrust PKI certificate authorities. |
| Issuing Template | Enter the name of the Issuing Template (for example, MobileUser) that you configured in the Template name field in Configuring Certificate Template Properties. Ensure you enter the name with no spaces. |
| Subject Name | Enter the Subject Name or Distinguished Name (DN) for the template. The text entered in this field is the “Subject” of the certificate, which can be used by the network administrator to determine who or what device received the certificate. |
| Private Key Length | Select the private key length from the Private Key Length drop-down menu. This is typically 2048 and should match the setting on the certificate template that is being used by DCOM. |
| Private Key Type | Select the Private Key Type using the applicable checkbox. This should match the setting on the certificate template that is being used by DCOM. |
| SAN Type | Enter the Subject Alternative Names (SAN) for the template. This is used for additional unique certificate identification. |
| Automatic Certificate Renewal | Select the Automatic Certificate Renewal checkbox to have certificates using this template automatically renewed prior to their expiration date. If Automatic Certificate Renewal is enabled, specify the Auto Renewal Period in days and make sure the assignment type is set to Auto. |
| Publish Private Key | Select the Publish Private Key checkbox to publish the private key to the specified web service endpoint (Directory Services or custom web service). Publishing the private key is only applicable when using Lotus Domino. |