You must incorporate a secure sockets layer (SSL) certificate into the Workspace ONE Assist on-premises installation process whether you are performing a Standard (Basic) or Advanced (Custom) installation.
SSL certificates provide secure, encrypted communications between a website and an Internet browser. The SSL certificate secures HTTPS binding for the management website for port 443 and allows a secure connection. This secure connection is between the admin and Web services. Also, the SSL certificate secures the connection to the Connection Proctor on port 8443 (or port 443 when the Connection Proctor (CP) Service runs on a separate server). You must provide the SSL certificate as a wildcard or SAN certificate.
If you are installing Workspace ONE Assist for the first time or upgrading to a newer version, you do not need to bind the SSL certificate to a website or renew the site thumbprint. However, if you are renewing an expired SSL certificate in between Workspace ONE Assist releases, you must bind the SSL certificate to a website and update the renewed site Thumbprint using AdminWebPortal. A link to each of those tasks appears directly after the following steps.
This process applies only to the SSL certificate. This process does not apply to the T10 API root and intermediate certificates, the details of which can be viewed in Generate the Advanced Remote Management Certificates.
- Run the Microsoft Management Console (MMC).
Locate this application by typing 'mmc' into the search box found in the Start button.
- In the File menu of the MMC application, select Add/Remove Snap-in....
The Add or Remove Snap-ins dialog box displays.
- Under Available snap-ins on the left panel, select Certificates and then select the Add button in the middle.
The Certificates snap-in dialog box displays.
- Select Computer Account and then select the Next button.
- Select Local Computer and then select the Finish button.
Now the Add or Remove Snap-ins screen displays Certificates (Local Computer) under the Console Root on the right panel.
- Select OK to finish.
The main MMC window displays.
- Expand the Certificates (Local Computer) on the left panel by selecting the Greater Than symbol. Select Personal > Certificates.
- If you do not have a Certificates folder to select, select the Personal folder and a Certificates folder will be created automatically.
- In the Action menu of the MMC application, select All Tasks followed by Import....
The Certificate Import Wizard displays.
- Select Next to begin the Wizard.
- Select Browse... to locate the SSL certificate in the PFX file format. You should familiarize yourself with the name of this file, since you must identify it by name in the future. Once located, select Open to import it.
- Enter the certificate's Password when prompted. Add check marks to the two boxes labeled Mark this key as exportable and Include all extended properties.
- Select Next.
- Select Place all certificates in the following store and set the Certificate store to 'Personal'.
- Select Next.
- Confirm all the presented information is correct and then select Finish.
What to do next
- Standard (Basic), for all-in-one single server installations.
- Advanced (Custom), for installations with advanced options such as multiple servers to accommodate high availability and horizontal scaling.
If you are not installing Workspace ONE Assist but rather just updating an expired SSL certificate, then you must Bind the SSL Certificate to a Management Site followed by Update the Renewed Site Thumbprint Using AdminWebPortal.