Before configuring the SEG to use client certificate authentication, meet the following prerequisites.
- A Windows Server (2008 R2 or higher)
- A Certificate Authority (CA) integrated with Workspace ONE UEM to issue certificates to your mobile devices. In this documentation, Microsoft is used as an example for a CA. However, Workspace ONE UEM supports certificates from multiple CAs.
- A trust relationship between the CA and the Directory Services server.
- A domain service account to use as the Principal Identity with designated permission to impersonate users to the EAS service.
- A Certificate Revocation List (CRL) for the CA that is accessible over HTTP, and a CRL distribution point. For more information, see Configure CRL over HTTP for CA.
- Administrative access to the following in your enterprise environment:
  - Active Directory (AD) Users & Computers
  - Exchange ActiveSync (EAS) or Client Access Servers (CAS)
  - Windows Server on which the SEG is installed
  - Certificate Authority (CA)
Communication paths should be as noted below.

| Source | Port | Protocol | Destination |
|---|---|---|---|
| SEG | 80 | HTTP | CRL Distribution Point |
| SEG | 80/443 | HTTP(S) | Exchange ActiveSync |
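
The following preflight check is an added example, not part of the original documentation. Run on the SEG server, it tests the communication paths listed above and confirms the CRL can actually be downloaded over HTTP. The CRL URL, the EAS host name and the helper function `Test-TcpPort` are placeholders and assumptions to replace with your own values.

```powershell
# Added example (not from the product documentation). Run on the SEG server.
# Both values below are placeholders: substitute your own CRL URL and EAS/CAS host.
$CrlUrl  = 'http://crl.example.com/CertEnroll/ExampleCA.crl'
$EasHost = 'mail.example.com'

# Hypothetical helper: TCP connect with a timeout, using only .NET classes
# so it also works on older Windows Server builds without Test-NetConnection.
function Test-TcpPort([string]$Target, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# One entry per row of the communication-path table.
$paths = @(
    @{ Destination = 'CRL Distribution Point'; Target = ([Uri]$CrlUrl).Host; Port = 80  },
    @{ Destination = 'Exchange ActiveSync';    Target = $EasHost;            Port = 80  },
    @{ Destination = 'Exchange ActiveSync';    Target = $EasHost;            Port = 443 }
)
foreach ($p in $paths) {
    $ok = Test-TcpPort $p.Target $p.Port
    '{0,-24} {1}:{2} -> {3}' -f $p.Destination, $p.Target, $p.Port, $(if ($ok) { 'open' } else { 'BLOCKED' })
}

# An open port is not enough: the CRL must download over HTTP and still be current.
$crlFile = Join-Path $env:TEMP 'seg-preflight.crl'
try {
    (New-Object System.Net.WebClient).DownloadFile($CrlUrl, $crlFile)
    # certutil prints the CRL validity window; these labels are from an English-locale system.
    certutil -dump $crlFile | Select-String 'ThisUpdate|NextUpdate'
} catch {
    "CRL download failed: $($_.Exception.Message)"
}
```

A `NextUpdate` value in the past means the published CRL is stale, and revocation checking against it can fail even though the distribution point is reachable.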