Changes to Entrust Certificate Authority Integration to Support Custom Managed Certificate Authority Name

Overview

As part of the cumulative 9.5.0.21+ patch and all Workspace ONE Console releases (post Workspace ONE UEM 1811), VMware Workspace ONE is implementing a change for the Certificate Authority configuration with SCEP. Previously, the Managed CA value in the profile XML pushed to the device was always be set to ‘Airwatch’, regardless of what was configured by the administrator in the ‘Managed CA’ field of the Certificate Template. Moving forward, we are allowing administrators to change this value. 

This change potentially impacts customers leveraging the Entrust Certificate Authority (CA) integration in the following scenarios:

  • Dedicated SaaS/On-Premises customers installing the cumulative 9.5.0.21+ patch
  • SaaS/On-Premises customers upgrading to any version of Workspace ONE UEM released post Workspace ONE UEM 1811

Picture1.png

For example, when entering ‘Entrust’ in the Manager CA field of this Certificate Template, the XML code for the Device Profile contains the following lines:

<key>Name</key>

       <string>AirWatch</string>

This mismatch between the Managed CA field and the profile XML configuration can cause the SCEP certificate request by the device to fail.

 

Customer Impact

Patch 9.5.0.21+ removes the hard-coding of ‘Airwatch’ in the device profile XML configuration for the Managed CA field in the Certificate Template. The profile XML will now reflect whatever is entered in the Managed CA field in the console by the administrator.

Customer Action Required

If you are impacted as outlined in any of the scenarios previously mentioned, perform the following steps:

  1. Verify the Managed CA for Entrust is configured with the proper value in the Certificate Template used for Entrust SCEP, as provided by Entrust.
  2. Navigate to Devices > Profiles & Resources > Profiles > List View. Select the radio button to the left of a device profile. Choose </> XML to display the XML code that AirWatch generates after profile creation. Verify that the following string reflects the Managed CA value from the Certificate Template.

<key>Name</key>

        <string>Entrust</string>

  1. Verify the device is receiving the Entrust certificate via SCEP with no errors.

 

Support Contact Information

To receive support, either submit a ticket via the My Workspace ONE portal or call your local support line.

 

Best Regards,

The VMware Workspace ONE Team

Have more questions? Submit a request

0 Comments

Article is closed for comments.