As announced on June 30th, 2017, VMware intends to start enforcing SSL Pinning hard fail for all VMware Workspace ONE applications. In an effort to provide the best possible customer experience, VMware is piloting a beta build of VMware PIV-D Manager for Android with SSL Pinning hard fail enabled, to allow you to validate the readiness of your deployment.
To utilize the version of PIV-D Manager for Android with SSL Pinning hard fail enabled, perform the following steps:
- Configure SSL Pinning in the Workspace ONE UEM Console using the instructions outlined here.
- Download VMware PIV-D Manager for Android (beta) from the My Workspace ONE portal here.
- Ensure all appropriate configuration changes have been made in your environment (as outlined here), therefore, traffic will not be intercepted between the PIV-D Manager for Android application and the Cloud Trust Service or your Device Services Server.
Video 1: How to configure SSL Pinning for On-Premises customers leveraging the cloud hosted trust service (note: For SaaS customers, the cloud services setup to generate HMAC token for auto discovery has already been completed and the Device Services server certificate has already been uploaded):
Video 2: How to deploy PIV-D Manager in your Workspace ONE UEM Console:
Video 3: Expected behavior of an application with SSL Pinning hard fail enforced when the pinned certificate does not match the server:
Video 4: The following video demonstrates normal behavior of the PIV-D application on successful validation that the pinned certificate matched the server. Additionally, this build of PIV-D application for Android has an Admin Connectivity section to allow you to view the pin validation status.
Support Contact Information
The VMware Workspace ONE Team
Other Languages: 日本語