VMware Workspace ONE Community
JamieAndersonJa
Enthusiast
Enthusiast
‎07-10-2019 08:26 AM

On-Prem TrustService for Cert Pinning

Have any on-prem customers successfully setup a TrustService for the upcoming cert pinning requirements. We are on 18.11 and having difficulty getting the trustservice end point up and running. Federal support hasn't been much help resolving the issue.

If you have, how are you able to verify that cert pinning is working in your environment?

Labels (1)
Labels
0 Kudos
5 Replies
Stansfield
Enthusiast
Enthusiast
‎07-10-2019 09:40 AM

Have you heard anything about this being required?  I had not heard anything about this for quite awhile but vmware failing to notify people would not surprise me.
0 Kudos
JamieAndersonJa
Enthusiast
Enthusiast
‎07-10-2019 09:48 AM

Cert Pining itself is supposed to be a requirement next year. The need for an on-prem trust service is optional
0 Kudos
Stansfield
Enthusiast
Enthusiast
‎07-10-2019 11:16 AM

Do you have a document or link saying that by any chance so I can show that to my group?  for cert pinning being needed next year, we are wary and have not implemented that for Prod yet.  Out of curiosity what led to you using your own trust services instead of the cloud ones?
0 Kudos
JamieAndersonJa
Enthusiast
Enthusiast
‎07-10-2019 11:33 AM

I don't have a document saying when the cert pinning deadline will be. Everything I know is coming from our TAM so it could change w/o notice but it's the best I have. Subscribe to this article, https://support.workspaceone.com/articles/115005083527. When they do make the announcement, i believe they will update this doc.

Our Security team wants the TrustService in place, that's the best i can tell you. it would be a lot simpler to use the cloud service for sure.
0 Kudos
sturmanc
Enthusiast
Enthusiast
‎07-12-2019 05:21 AM

SSL Pinning and Outbound SSL Interception Proxies
https://support.workspaceone.com/articles/115009643247

Early 2020, VMware AirWatch will begin enforcing SSL pinning in its mobile applications. Although SSL pinning to Device Services is optional and may be disabled by customers with On-Premises, or Dedicated SaaS environments, certain communications between VMware AirWatch mobile applications and VMware AirWatch cloud services will always be pinned for enhanced security.
0 Kudos