As a Workspace ONE UEM console on-prem administrator, you can use the Trust Service page and configure the settings only at the Global level.

In general, you should contact Workspace ONE UEM if you want to learn more about this feature or believe it may be required for your deployment, as it involves certificate signing workflows and external downloads from myAirWatch.

The Trust Service is a secure way to deactivate SSL pinning for closed network, on-premises deployments where devices do not have outbound access to the Workspace ONE UEM public cloud. In this case, a trust service must be installed if Workspace ONE UEM mobile applications that support SSL Pinning will be used as they will not be functional otherwise. The Trust Service serves as a root of trust to notify devices that they are not to attempt communication with the Workspace ONE UEM Cloud and can proceed without the need to retrieve pinned SSL Certificates from Workspace ONE UEM hosted services. The Trust Service must use a custom SSL certificate signed by a Workspace ONE UEM root certificate to establish trust with the device.