VMware Tunnel uses unique certificates for authentication and encryption between end-user applications and VMware Tunnel.

App Certificate Authentication and Encryption

When you whitelist an application for corporate access through the VMware Tunnel, Workspace ONE UEM automatically deploys a unique X.509 certificate to enrolled devices. This certificate can then be used for mutual authentication and encryption between the application and the VMware Tunnel. Unlike other certificates used for Wi-Fi, VPN, and email authentication, this certificate resides within the application sandbox and can only be used within the specific app itself. By using this certificate, the VMware Tunnel can identify and allow only approved, recognized apps to communicate with corporate systems over HTTP(S), or, for Per-App Tunneling, TCP and HTTP(S).

Secure Internal Browsing

By using the VMware Tunnel with VMware Browser, you can provide secure internal browsing to any intranet site and Web application that resides within your network. Because VMware Browser has been architected with application tunneling capabilities, all it takes to enable mobile access to your internal Web sites is to enable a setting from the Workspace ONE UEM console. By doing so, VMware Browser establishes a trust with VMware Tunnel using a Workspace ONE UEM-issued certificate and accesses internal Web sites by proxying traffic through the VMware Tunnel over SSL encrypted HTTPS. IT can not only provide greater levels of access to their mobile users, but also remain confident that security is not compromised by encrypting traffic, remembering history, disabling copy/paste, defining cookie acceptance, and more.