f Select the radio button that reflects the type of service account in the
Authentication section. Service Account causes the device user to enter
credentials. Self-Service Portal authenticates the device without the user having
to enter their credentials.
g Enter the Admin Username and Password. This is the username and password
of the ADCS Admin Account (step 2.f). This admin has sufficient access to allow
Workspace ONE UEM to request and issue certificates.
6 Click Save.
b Configure the certificate template.
1 Select the Request Templates tab.
2 Click Add.
3 Complete the certificate template information.
a Enter a friendly name for the new Request Template. This name is used by the
Workspace ONE UEM console.
b Enter a brief Description for the new certificate template.
c Select the Certificate Authority that was just created from the certificate authority
drop-down menu.
d Enter the name of the Issuing Template (e.g., MobileUser) that you configured
in Configuring Certificate Template Properties in the Template name field. Make
sure you enter the name with no spaces.
e Enter the Subject Name or Distinguished Name (DN) for the template. The text
entered in this field is the “Subject” of the certificate, which can be used by the
network administrator to determine who or what device received the certificate.
f A typical entry in this field is “CN={EnrollmentUser}” or “CN={DeviceUid}” where
the {} fields are Workspace ONE UEM lookup values.
g Select the private key length from the Private Key Length drop-down menu. This
is typically 2048 and should match the setting on the certificate template that is
being used by DCOM.
h Select the Private Key Type using the applicable checkbox. This should match the
setting on the certificate template that is being used by DCOM.
i Under SAN Type, select Add to include one or more Subject Alternate Names
with the template. This is used for additional unique certificate identification. In
most cases, this needs to match the certificate template on the server. Use
the drop-down menu to select the SAN Type and enter the subject alternate
name in the corresponding data entry field. Each field supports lookup values.
Email Address, User Principal Name, and DNS Name are supported by ADCS
Templates by default. Select the checkbox for Security Identifier to include the AD
SID in the certificate SAN.
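
A pre-flight consistency check for the request template values entered in steps d through i, comparing them with the template on the CA. This is an added example, not VMware's code: the dictionary field names, the key type labels and the sample values are assumptions constructed for illustration.

```python
import re

# SAN types the page lists as supported by ADCS templates by default.
ADCS_DEFAULT_SAN = {"Email Address", "User Principal Name", "DNS Name"}
LOOKUP = re.compile(r"\{[^{}\s]+\}")  # lookup values such as {EnrollmentUser}


def check_request_template(uem, ca):
    """Compare a UEM request template (dict) with the CA-side template (dict)."""
    findings = []
    if re.search(r"\s", uem["issuing_template"]):
        findings.append("issuing_template: contains spaces")
    elif uem["issuing_template"] != ca["template_name"]:
        findings.append("issuing_template: does not match CA template name")
    if uem["key_length"] != ca["key_length"]:
        findings.append("key_length: %d != CA %d" % (uem["key_length"], ca["key_length"]))
    if set(uem["key_types"]) != set(ca["key_types"]):
        findings.append("key_types: differ from CA template")
    subject = uem["subject"]
    if re.search(r"[{}]", LOOKUP.sub("", subject)):
        # Braces left over after removing well-formed lookups mean a typo.
        findings.append("subject: unbalanced or empty lookup braces")
    elif not LOOKUP.search(subject):
        # A static subject cannot tell the administrator who received the certificate.
        findings.append("subject: no lookup value, every certificate gets the same subject")
    allowed = ADCS_DEFAULT_SAN | set(ca.get("extra_san_types", ()))
    for san_type, value in uem["san"]:
        if not value.strip():
            findings.append("san %s: empty value" % san_type)
        if san_type not in allowed:
            findings.append("san %s: not an ADCS default, confirm it on the CA template" % san_type)
    return findings


# Constructed sample data; field names and values are illustrative only.
CA_TEMPLATE = {"template_name": "MobileUser", "key_length": 2048,
               "key_types": ["Signing", "Encryption"]}
GOOD = {"issuing_template": "MobileUser", "key_length": 2048,
        "key_types": ["Signing", "Encryption"], "subject": "CN={EnrollmentUser}",
        "san": [("DNS Name", "{DeviceUid}")]}
BAD = dict(GOOD, issuing_template="Mobile User", key_length=4096,
           subject="CN={EnrollmentUser", san=[("Email Address", " ")])

if __name__ == "__main__":
    for label, tpl in (("good", GOOD), ("bad", BAD)):
        print(label, check_request_template(tpl, CA_TEMPLATE) or "consistent")
```
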
Certificate Authority Integrations
VMware, Inc. 17