You must generate the T10 API root and intermediate certificates used during an on-premises installation whether you are performing a Standard (Basic) or Advanced (Custom) installation. These certificates are also required for an on-premises build of Workspace ONE UEM while using Workspace ONE Assist in a SaaS environment.
- Extract all contents from the installer package ZIP file into c:\temp of the Workspace ONE Assist server. Do not move the files around inside the temp folder as the installer needs all the files in their extracted locations. Do not rename or move the temp folder.
- Run the Remote Management Certificate Generator which is included in the installer package.
- In the UEM console, switch to your primary organization group (OG).
- The OG you select must be of a 'customer' type.
- Navigate to Workspace ONE Assist section, and copy the string in the Remote Management CN text box. You are not able to see a Remote Management CN option unless you are in a 'customer' type OG.
, scroll down to the Note: If the Remote Management CN text box is blank, then you must manually Create the Common Name from the Workspace ONE UEM Database.
- Set the following values.
Setting Value Certificate Type Remote Management Deployment On-premises Certificate Common Name Paste the Remote Management CN copied from the preceding step (Step 5).
- Select Generate Certificates.
- Set Password for the certificates when prompted. Store this password for future use.
- Navigate to the folder holding the Remote Management Certificate Generator.
- Find the generated certificates file in the Artifacts\private folder called root_intermediate_chain.p7b. This is the T10 Certificate pair file that contains two major certificates that enable Workspace ONE UEM to communicate with the T10 portal. These certificates are the Workspace ONE UEM portal Root and Intermediate certificates.
- For On-Premises Environments – Copy the p7b file generated in step 10 to the c:\temp\certs folder on the Workspace ONE Assist Server and proceed to step 12.
- For SaaS Environments – Zip up the p7b file and email it to your account team or professional services team member. They will create a ticket for the Assist team with the certificate you provided. Internal Account Teams and Professional Services Teams, refer to the following knowledgebase article for further instructions. https://ikb.vmware.com/s/article/79459.
- In the Artifacts folder, find the "Certificate Seed Script.sql". Run this script against the Workspace ONE UEM Database to seed the generated certificates into the Workspace ONE UEM database.