Install SCEP certificate on Windows using Workspace ONE UEM

Download Workspace ONE Intelligent Hub

Download Workspace one Intelligent Hub for Windows from here.

Workspace ONE Intelligent HubWorkspace ONE Intelligent Hub

Workspace ONE Intelligent Hub

Install

Install Intelligent Hub and log in using your credentials. The Windows device will appear on Workspace one UEM.

Login

Login to VMware AirWatch using your credentials.

Login Screen vmware airwatchLogin Screen vmware airwatch

Login Screen vmware airwatch

Create Profiles

After connecting from Workspace one intelligent hub from Windows, your device will appear on VMware AirWatch. Go to Devices → List View, you will be able to see your Windows device.

List View of DevicesList View of Devices

List View of Devices

We need to create two profiles one for Device and another for User.
Device Profile - CA certificate
Click on the Devices → Profiles and Resources → Profiles → Add
Click on Add Profile and Select Windows and then Windows Desktop and select Device Profile.

Add ProfileAdd Profile

Add Profile

Configuration for Device Profile for Foxpass CA certificate

  • Select General and apply the following settings:
  • Name - ‘Any reference name’
  • Deployment - Managed
  • Assignment type - Auto
  • Allow Removal - Always
  • Managed by - ‘Your Administrator ID’
  • Smart Groups - Add all the possible groups from the dropdown.
  • Exclusions - No
  • Click on Save and Publish.
Device Profile - GeneralDevice Profile - General

Device Profile - General

Now select Credentials and apply the following settings:

  • Credential Source Defined Certificate Authority → Select Upload
  • Certificate → Click on the Upload button and upload the CA certificate downloaded from Foxpass. (The CA certificate can be obtained by clicking on the ‘Download Certificate’ in Foxpass).
  • Certificate Store → Select Trusted Root
  • Click on Save and Publish.
Foxpass CA certificateFoxpass CA certificate

Foxpass CA certificate

Device Profile - CredentialsDevice Profile - Credentials

Device Profile - Credentials

User Profile - Foxpass SCEP certificate
Click on the Devices → Profiles and Resources → Profiles → Add
Click on Add Profile and Select Windows and then Windows Desktop and select User Profile.

Configuration for User Profile for Foxpass SCEP certificate

  • Select General and configure:
  • Name - ‘Any reference name’
  • Deployment - Managed
  • Assignment type - Auto
  • Allow Removal - Always
  • Managed by - ‘Your Administrator ID’
  • Smart Groups - Add all the possible groups from the dropdown.
  • Exclusions - No
  • Click on Save and Publish.
User profile - GeneralUser profile - General

User profile - General

Now configure Credentials:

  • Credential Source - Select ‘Defined Certificate Authority from the dropdown.
  • Certificate Authority - Select Foxpass from the dropdown.
  • Certificate Template - Foxpass
  • Key Location - TPM if present
  • Certificate Store - Personal
  • Save and Publish
User Profile - CredentialsUser Profile - Credentials

User Profile - Credentials

Check Certificate Authority

Go to Device → Certificates → Certificate Authority
Name - Foxpass CA
Authority Type - Generic SCEP
SCEP Provider - Basic
SCEP URL - Enter your unique endpoint
Challenge type - Static
Static Challenge - 'Challenge password from Foxpass'
Retry Timeout - 30
Disable the proxy and check the SCEP URL. After entering the settings test the connection

Certificate AuthorityCertificate Authority

Certificate Authority

Check certificates in Windows

Open certificate manager in Windows.
Select Personal → Certificates, check for the Foxpass SCEP certificate.

Foxpass SCEP certificateFoxpass SCEP certificate

Foxpass SCEP certificate

Now check for Foxpass CA certificate in Trusted Root Certification Authorities.

Foxpass CA certificateFoxpass CA certificate

Foxpass CA certificate