CRSVC-4391: Changes to Bluecoat VPN profiles fail with error "Save failed - unable to fetch trusted certificates"




Version Identified

VMware Workspace ONE UEM 9.7 through 1904



The integration between Workspace ONE UEM and Bluecoat leverages an authentication certificate seeded in the console and tenant identifier 'customer ID' input by an administrator in the VPN payload to initiate the integration. The seeded authentication certificate has expired which results in the following error when an administrator attempts to make changes to the Bluecoat profile:

Save failed - unable to fetch trusted certificates

In addition, the renewed authentication certificate issued by Bluecoat leverages a MD5 hash and has been flagged as a possible security vulnerability by VMware. 

Customer Impact: 

For customers currently leveraging this integration, previously enrolled devices already with Workspace ONE will continue to function as expected. Any action that requires authentication between Workspace ONE UEM and Bluecoat such as new device enrollment, device re-enrollment, or changes to the Bluecoat VPN profile, will fail.


At this time we have requested that Bluecoat provide a new certificate leveraging SHA-512 and recommended they offer tenant level certificates or vendor generated authentication certificates for added security. Please reach out to Bluecoat support to escalate the issue.

Other Languages: 日本語

Have more questions? Submit a request


Article is closed for comments.