Rotation of AW API Root certificate
On November 16, 2017, the AW API Root certificate installed on all AirWatch environments will expire. A new version of this certificate will be included in AirWatch v9.0.6 (coming soon), v9.1.2+, which will remain valid until May 11, 2037.
The AW API Root certificate is used to issue API client and server root certificates, and is critical for any custom-built mobile or web applications built using the AirWatch SOAP API. Affected applications may experience outages if the AW API Root certificate expires before appropriate action is taken. Any custom applications built using the AirWatch REST API will remain unaffected.
The AirWatch Secure Email Gateway (Classic Platform) and Enteprise Integration Service (EIS) both utilize AirWatch SOAP APIs. Existing deployments of these applications will be unaffected by the rotation/expiration of the AirWatch API Root certificate. However, configuring a new SEG (Classic Platform) instance will not be possible if the AW API Root certificate expires before appropriate action is taken.
Alert: Action required for customers using custom apps that implement SOAP API
If you are currently using a custom-built application that leverages the AirWatch SOAP API, this application must be updated to leverage the new AW API Root certificates included in AirWatch v9.0.6, and v9.1.2+. An updated SOAP API certificate can be generated from the new AW API Root certificate by navigating in the AirWatch Console to Settings > System > Advanced > API > SOAP API. If a certificate is already configured, select Clear Client Certificate, followed by Generate Client Certificate. Use the updated certificate for authentication between your application and AirWatch. Note that any active SOAP API applications will no longer be able to authenticate to the AirWatch servers after the initial SOAP API certificate is cleared.
Alert: Action required for customers using SEG (Classic Platform)
Customers looking to configure new SEG instances in the AirWatch Console after November 16th, 2017 will need to upgrade to at least AirWatch v9.0.6, or v9.1.2 to leverage a new certificate. An updated SOAP API certificate can be generated from the new AW API Root certificate by navigating in the AirWatch Console to Settings > System > Advanced > API > SOAP API. If a certificate is already configured, select Clear Client Certificate, followed by Generate Client Certificate. Note that any active SEG servers will no longer be able to authenticate to the AirWatch servers after the initial SOAP API Client certificate is cleared.
To resolve this, re-run the installer and setup for Classic SEG on all existing SEG (Classic platform) servers. To learn more about deploying SEG (Classic Platform), please refer to the Console Requirements section of the Online Help page.
How to upgrade your AirWatch environment
Shared SaaS environments will automatically be scheduled for upgrade by our Operations team, and once scheduled will show in the myAirWatch My Company page. You can schedule an upgrade for a Dedicated SaaS environment on the My Company page as well.
Any customers with on-premise environments can reach out to their Account Executive to purchase Professional Services with our Upgrades team, or perform a self upgrade.
The AirWatch Team