As part of the cumulative 220.127.116.11+ patch and all Workspace ONE Console releases (post Workspace ONE UEM 1811), VMware Workspace ONE is implementing a change for the Certificate Authority configuration with SCEP. Previously, the Managed CA value in the profile XML pushed to the device was always be set to ‘Airwatch’, regardless of what was configured by the administrator in the ‘Managed CA’ field of the Certificate Template. Moving forward, we are allowing administrators to change this value.
This change potentially impacts customers leveraging the Entrust Certificate Authority (CA) integration in the following scenarios:
- Dedicated SaaS/On-Premises customers installing the cumulative 18.104.22.168+ patch
- SaaS/On-Premises customers upgrading to any version of Workspace ONE UEM released post Workspace ONE UEM 1811
For example, when entering ‘Entrust’ in the Manager CA field of this Certificate Template, the XML code for the Device Profile contains the following lines:
This mismatch between the Managed CA field and the profile XML configuration can cause the SCEP certificate request by the device to fail.
Patch 22.214.171.124+ removes the hard-coding of ‘Airwatch’ in the device profile XML configuration for the Managed CA field in the Certificate Template. The profile XML will now reflect whatever is entered in the Managed CA field in the console by the administrator.
Customer Action Required
If you are impacted as outlined in any of the scenarios previously mentioned, perform the following steps:
- Verify the Managed CA for Entrust is configured with the proper value in the Certificate Template used for Entrust SCEP, as provided by Entrust.
- Navigate to Devices > Profiles & Resources > Profiles > List View. Select the radio button to the left of a device profile. Choose </> XML to display the XML code that AirWatch generates after profile creation. Verify that the following string reflects the Managed CA value from the Certificate Template.
- Verify the device is receiving the Entrust certificate via SCEP with no errors.
Support Contact Information
The VMware Workspace ONE Team