Install SCEP certificate - Workspace ONE UEM(Initial Setup)

To install and configure SCEP (Simple Certificate Enrollment Protocol) on a MacBook/Windows device using VMware Workspace ONE UEM (Unified Endpoint Management), you need to set up both the Workspace ONE UEM console and the device. This involves configuring a SCEP certificate template in Workspace ONE UEM and then deploying it to the devices. Here are the step-by-step instructions:


  1. Ensure you have administrative access to Workspace ONE UEM.
  2. Ensure the MacBook is connected to the internet and can reach the Workspace ONE UEM server.
  3. Ensure your user in Workspace one is an active user added in foxpass.

Add Certificate Authority and Certificate Template in Workspace ONE UEM

  • Create a SCEP endpoint on the SCEP page in Foxpass. Click 'Create SCEP Endpoint'.
    1. Name: Give a name to the endpoint of your choice.
    2. Verification Type: User
    3. Authentication Type: Challenge Password.
    4. Click 'Create'.
    5. Copy the unique endpoint and challenge password and make a note.
Create SCEP endpoint in Foxpass

Create SCEP endpoint in Foxpass

  • Log in to Workspace ONE UEM Console. Open your web browser, navigate to your Workspace ONE UEM admin console, and log in with your credentials.
  • Go to Devices > Certificates > Certificate Authorities, and then click Add.
Add Certificate Authority

Add Certificate Authority

  • Enter details as below:
    1. Name: Give name to CA of your choice.
    2. Description: Give description of your choice.
    3. Authority Type: Generic SCEP
    4. SCEP URL: Paste the SCEP endpoint noted earlier.
    5. Challenge Type: Static
    6. Static Challennge: Paste the challenge password noted earlier.
    7. Enable Proxy: Enabled
  • Click on 'TEST CONNECTION' button.
Add details and test connection

Add details and test connection

  • If the test is successful, click 'SAVE AND ADD TEMPLATE'.
  • Enter details for Certificate template as below:
    1. Name: Give a name to the template of your choice.
    2. Certificate Authority: Select the CA you just created from the dropdown.
    3. Subject Name: CN={EmailAddress}
    4. Private Key Type: Select both 'Signing' and 'Encryption'.
    5. Automatic Certificate Renewal: Enabled
    6. Publish Private Key: Disabled
    7. Click 'SAVE'.
Add Certificate Template

Add Certificate Template