Install SCEP certificate on Windows using Workspace ONE UEM
Add Certificate Authority and Template
If you are configuring SCEP certificates for both Windows and macOS, you only need to follow the initial setup documentation once
- Please refer the Initial Setup documentation to add certificate authority and certificate template in Workspace one.
Add Device Profile for Windows
- Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile.
- Select Windows > Widows Desktop > Device Profile
- Enter details for the profile as below:
- For General, Name: You choice
- Smart Groups: Assign to respective smart groups according to your needs.
- Go to Credentials:
- Credential Source: Select 'Defined Certificate Authority' from the dropdown.
- Certificate Authority: Select the CA configured in the Initial Setup documentation.
- Certificate Template: Select the template configured in the Initial Setup documentation.
- Key Location: TPM if present.
- Certificate Store: Personal
- Click on + on the bottom right and add credentials #2:
- Credential Source: Upload
- Certificate: Download the Client CA from the EAP-TLS page of foxpass and upload it here.
- Key Location: TPM if present
- Certificate Store: Trusted Root
- Click on + on the bottom right and add credentials #3:
- Credential Source: Upload
- Certificate: Download the active server CA from the EAP-TLS page of foxpass and upload it here.
- Key Location: TPM if present
- Certificate Store: Trusted Root
- Click 'SAVE AND PUBLISH'
- Configure Wi-Fi payload:
- Service Set Identifier: Your SSID
- Security Type: WPA2 Enterprise
- Encryption: AES
- Protocols: Certificate
- Identity Certificate: Choose Certificate #1
- Trusted Certificates: Choose Certificate #3
- Click 'SAVE AND PUBLISH'
Add User Profile for Windows
- Click on the Devices → Profiles and Resources → Profiles → Add
- Click on Add Profile and Select Windows and then Windows Desktop and select User Profile.
- Select General and configure:
- Name - ‘Any reference name’
- Smart Groups - Add all the possible groups from the dropdown.
- Select Credentials from the left.
- Credential Source - Select ‘Defined Certificate Authority from the dropdown.
- Certificate Authority - Select CA created in the Initial setup from the dropdown.
- Certificate Template - Select the template configured earlier.
- Key Location - TPM if present
- Certificate Store - Personal
- Click Save and Publish
Enroll Windows to Workspace one
- Make a note of the console version by clicking About of your Workspace one's console page.
- Go to resources.worskspaceone.com.
- Download the appropriate intelligent hub according to the console version on your Windows machine.
- Follow the setup wizard and install hub.
- Intelligent hub will open. Now enter your server address. Click 'Next'. Note : The server address in the screenshot is just an example, the server address and Group ID was sent to your email by Workspace ONE upon your registration of the user.
- Enter your Group ID and click 'Next'.
- You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.
- If there are no SCEP errors, 'No errors' will be displayed in green color under Last error column for the respective endpoint on the SCEP page.
If there are any SCEP errors, it would be shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.
Updated 5 months ago