VMware Workspace ONE Community
Bramdecorte
Contributor

Workspace One UEM integration with EJBCA as CA Authority

Has anyone succeeded in integrating AirWatch with an EJBCA appliance or VM?

This doc mentions the web service endpoint, but do they mean the REST API URLs (there are 3 now) or another URL?

Step 1: Configure EJBCA Certificate Authority


Accepted Solutions
Bramdecorte
Contributor

For anyone who needs help with this.

I've configured the connection with SCEP.

The name of the CA needs to be the same as the name of the active CA defined in EJBCA.

The SCEP URL = http://EJBCA_SERVER/ejbca/publicweb/apply/scep/SCEPALIAS/pkiclient.exe

The static challenge = the enrollment code, so write it down, as for each certificate the enrollment code needs to be the same.

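A pre-check for the SCEP URL given in the accepted solution, added here as an example and not part of the original posts or of VMware's or EJBCA's own code: it builds the GetCACaps probe that RFC 8894 defines for a SCEP endpoint and reviews the capability keywords the endpoint returns. The function names and the sample response are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit
from urllib.request import urlopen

# GetCACaps keywords from RFC 8894 (CA capabilities response).
KNOWN = {"AES", "DES3", "GetNextCACert", "POSTPKIOperation", "Renewal",
         "SHA-1", "SHA-256", "SHA-512", "SCEPStandard"}

def caps_url(scep_url):
    """Turn a SCEP endpoint URL into its GetCACaps probe URL."""
    parts = urlsplit(scep_url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("not an HTTP(S) URL: %r" % scep_url)
    if not parts.path.endswith("/pkiclient.exe"):
        raise ValueError("SCEP URL should end in /pkiclient.exe")
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       "operation=GetCACaps", ""))

def review_caps(body):
    """Return findings for a GetCACaps body (one keyword per line)."""
    caps = {ln.strip() for ln in body.splitlines()} & KNOWN
    if not caps:
        return ["no SCEP capability keywords: wrong alias or not a SCEP endpoint"]
    if "SCEPStandard" in caps:  # implies the three below (RFC 8894)
        caps |= {"AES", "POSTPKIOperation", "SHA-256"}
    findings = []
    if not caps & {"SHA-256", "SHA-512"}:
        findings.append("SHA-256/SHA-512 not advertised")
    if "AES" not in caps:
        findings.append("AES not advertised")
    if "POSTPKIOperation" not in caps:
        findings.append("POSTPKIOperation not advertised")
    return findings

def probe(scep_url, timeout=10.0):
    """Fetch GetCACaps from a live endpoint and review it."""
    with urlopen(caps_url(scep_url), timeout=timeout) as resp:
        return review_caps(resp.read().decode("ascii", "replace"))

if __name__ == "__main__":
    # Constructed sample response, not captured from a real EJBCA server.
    sample = "POSTPKIOperation\nRenewal\nSHA-1\nDES3\n"
    print(caps_url("http://EJBCA_SERVER/ejbca/publicweb/apply/scep/SCEPALIAS/pkiclient.exe"))
    for finding in review_caps(sample):
        print("finding:", finding)
```

Running `probe()` against the real URL before entering it in the UEM console shows whether the alias resolves to a SCEP endpoint at all; an HTML error page yields the "no SCEP capability keywords" finding.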

2 Replies

vEUCaddict
Contributor

Hi @Bramdecorte,

Via one of my VMware SEs I found the correct "Server URL" to use with EJBCA. Currently running a project at a customer who wants to integrate Workspace ONE UEM and PrimeKey's EJBCA.

The "Server URL" must be: https://<pki-server>:8443/ejbca/ejbcaws/ejbcaws
and the "Certificate" you need to upload is from an RA user with enough privileges on the CA in EJBCA.
VMware uses the superadmin.p12 certificate in their demos, but for production environments it is not a good idea.
Keep in mind that the certificate from the EJBCA instance must be correct (no SSL errors) and that the certificate must be installed on the Workspace ONE's Cloud Connector servers (Windows Certificate Store).
I made a blog post about how you need to set it up: https://veucaddict.com/blog/integrate-ejbca-certificate-authority-in-workspace-one-uem/

I know Generic SCEP works as well, but I was really curious about the direct integration, because it was an option in the dropdown list and there was nothing to find on the internet about this integration.

Cheers, Sidney (vEUCaddict)
