You must generate the T10 API root and intermediate certificates used during an on-premises installation whether you are performing a Standard (Basic) or Advanced (Custom) installation. These certificates are also required for an on-premises build of Workspace ONE UEM while using Workspace ONE Assist in a SaaS environment.

The certificate generator is called RemoteManagementCertificateGenerator_9_2. This installer must be run on a machine with the same locale settings as the database server to ensure that the same date format is set in the SQL script. You must run this certificate generator as an administrator.

Prerequisites

Download the installer package, titled VMware Workspace ONE ™ UEM Remote Management Installer, from the myWorkspaceONE portal (https://myworkspaceone.com).

Procedure

  1. Extract all contents from the installer package ZIP file into c:\temp of the Workspace ONE Assist server. Do not move the files around inside the temp folder as the installer needs all the files in their extracted locations. Do not rename or move the temp folder.
  2. Run the Remote Management Certificate Generator which is included in the installer package.
  3. In the UEM console, switch to your primary organization group (OG).
  4. The OG you select must be of a 'customer' type.
  5. Navigate to Groups & Settings > All Settings > System > Advanced > Site URLs, scroll down to the Workspace ONE Assist section, and copy the string in the Remote Management CN text box. You are not able to see a Remote Management CN option unless you are in a 'customer' type OG.
    Note: If the Remote Management CN text box is blank, then you must manually Create the Common Name from the Workspace ONE UEM Database.
  6. Set the following values.
    Setting Value
    Certificate Type Remote Management
    Deployment On-premises
    Certificate Common Name Paste the Remote Management CN copied from the preceding step (Step 5).
  7. Select Generate Certificates.
  8. Set Password for the certificates when prompted. Store this password for future use.
  9. Navigate to the folder holding the Remote Management Certificate Generator.
  10. Find the generated certificates file in the Artifacts\private folder called root_intermediate_chain.p7b. This is the T10 Certificate pair file that contains two major certificates that enable Workspace ONE UEM to communicate with the T10 portal. These certificates are the Workspace ONE UEM portal Root and Intermediate certificates.

    • For On-Premises Environments – Copy the p7b file generated in step 10 to the c:\temp\certs folder on the Workspace ONE Assist Server and proceed to step 12.
    • For SaaS Environments – Zip up the p7b file and email it to your account team or professional services team member. They will create a ticket for the Assist team with the certificate you provided. Internal Account Teams and Professional Services Teams, refer to the following knowledgebase article for further instructions. https://ikb.vmware.com/s/article/79459.
  11. In the Artifacts folder, find the "Certificate Seed Script.sql". Run this script against the Workspace ONE UEM Database to seed the generated certificates into the Workspace ONE UEM database.

Results

If you receive the error message "The conversion of a varchar data type to a datetime data type resulted in an out-of-range value," then see Troubleshooting Workspace ONE Assist. Support for multiple Workspace ONE UEM environments is available. For details, see Multi-Workspace ONE UEM Environment Support.

What to do next

Proceed next to Install an SSL Certificate.