Install SCEP certificate on Windows using Workspace ONE UEM [old versions]
Download Workspace ONE Intelligent Hub
Download Workspace one Intelligent Hub for Windows from here.

Workspace ONE Intelligent Hub
Install
Install Intelligent Hub and log in using your credentials. The Windows device will appear on Workspace one UEM.
Login
Login to VMware AirWatch using your credentials.

Login Screen vmware airwatch
Create Profiles
After connecting from Workspace one intelligent hub from Windows, your device will appear on VMware AirWatch. Go to Devices → List View, you will be able to see your Windows device.

List View of Devices
We need to create two profiles one for Device and another for User.
Device Profile - CA certificate
Click on the Devices → Profiles and Resources → Profiles → Add
Click on Add Profile and Select Windows and then Windows Desktop and select Device Profile.

Add Profile
Configuration for Device Profile for Foxpass CA certificate
- Select General and apply the following settings:
- Name - ‘Any reference name’
- Deployment - Managed
- Assignment type - Auto
- Allow Removal - Always
- Managed by - ‘Your Administrator ID’
- Smart Groups - Add all the possible groups from the dropdown.
- Exclusions - No
- Click on Save and Publish.

Device Profile - General
Now select Credentials and apply the following settings:
- Credential Source Defined Certificate Authority → Select Upload
- Certificate → Click on the Upload button and upload the CA certificate downloaded from Foxpass. (The CA certificate can be obtained by clicking on the ‘Download Certificate’ in Foxpass).
- Certificate Store → Select Trusted Root
- Click on Save and Publish.

Foxpass CA certificate

Device Profile - Credentials
User Profile - Foxpass SCEP certificate
Click on the Devices → Profiles and Resources → Profiles → Add
Click on Add Profile and Select Windows and then Windows Desktop and select User Profile.
Configuration for User Profile for Foxpass SCEP certificate
- Select General and configure:
- Name - ‘Any reference name’
- Deployment - Managed
- Assignment type - Auto
- Allow Removal - Always
- Managed by - ‘Your Administrator ID’
- Smart Groups - Add all the possible groups from the dropdown.
- Exclusions - No
- Click on Save and Publish.

User profile - General
Now configure Credentials:
- Credential Source - Select ‘Defined Certificate Authority from the dropdown.
- Certificate Authority - Select Foxpass from the dropdown.
- Certificate Template - Foxpass
- Key Location - TPM if present
- Certificate Store - Personal
- Save and Publish

User Profile - Credentials
Check Certificate Authority
Go to Device → Certificates → Certificate Authority
Name - Foxpass CA
Authority Type - Generic SCEP
SCEP Provider - Basic
SCEP URL - Enter your unique endpoint
Challenge type - Static
Static Challenge - 'Challenge password from Foxpass'
Retry Timeout - 30
Disable the proxy and check the SCEP URL. After entering the settings test the connection

Certificate Authority
Check certificates in Windows
Open certificate manager in Windows.
Select Personal → Certificates, check for the Foxpass SCEP certificate.

Foxpass SCEP certificate
Now check for Foxpass CA certificate in Trusted Root Certification Authorities.

Foxpass CA certificate
Updated 10 months ago