kb.vmware.com
Open in
urlscan Pro
2a02:26f0:7100:8b3::2ef
Public Scan
URL:
https://kb.vmware.com/s/article/92081
Submission: On May 17 via manual from ES — Scanned from NL
Submission: On May 17 via manual from ES — Scanned from NL
Form analysis
0 forms found in the DOMText Content
Loading ×Sorry to interrupt This page has an error. You might just need to refresh it. [Cannot read properties of undefined (reading 'email')] Failing descriptor: {markup://c:kM_ArticleSubscribe} Refresh COOKIE PREFERENCE CENTER GENERAL INFORMATION ON COOKIES GENERAL INFORMATION ON COOKIES When you visit our website, we use cookies to ensure that we give you the best experience. This information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies by clicking on the different category headings to find out more and change your settings. However, blocking some types of cookies may impact your experience on the site and the services we are able to offer. Further information can be found in our Cookie Policy. * STRICTLY NECESSARY STRICTLY NECESSARY Always Active Strictly Necessary Strictly necessary cookies are always enabled since they are essential for our website to function. They enable core functionality such as security, network management, and website accessibility. You can set your browser to block or alert you about these cookies, but this may affect how the website functions. For more information please visit www.aboutcookies.org or www.allaboutcookies.org. Cookie Details * PERFORMANCE PERFORMANCE Performance Performance cookies are used to analyze the user experience to improve our website by collecting and reporting information on how you use it. They allow us to know which pages are the most and least popular, see how visitors move around the site, optimize our website and make it easier to navigate. Cookie Details PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE. * FUNCTIONAL FUNCTIONAL Functional Functional cookies help us keep track of your past browsing choices so we can improve usability and customize your experience. These cookies enable the website to remember your preferred settings, language preferences, location and other customizable elements such as font or text size. If you do not allow these cookies, then some or all of these services may not function properly. Cookie Details PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE. * ADVERTISING ADVERTISING Advertising Advertising cookies are used to send you relevant advertising and promotional information. They may be set through our site by third parties to build a profile of your interests and show you relevant advertisements on other sites. These cookies do not directly store personal information, but their function is based on uniquely identifying your browser and internet device. Cookie Details PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE. * SOCIAL MEDIA SOCIAL MEDIA Social Media Social media cookies are intended to facilitate the sharing of content and to improve the user experience. These cookies can sometimes track your activities. We do not control social media cookies and they do not allow us to gain access to your social media accounts. Please refer to the relevant social media platform’s privacy policies for more information. Cookie Details PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE. Back Button ADVERTISING COOKIES Filter Button Consent Leg.Interest Select All Vendors Select All Vendors Select All Hosts Select All * REPLACE-WITH-DYANMIC-HOST-ID View Third Party Cookies * Name cookie name Clear Filters Information storage and access Apply Confirm My Choices Allow All Products and Accounts Knowledge Communities Support Success Learning SearchLoading My Subscriptions Loading Knowledge Base VMWARE BEST PRACTICES UPDATE – WORKSPACE ONE UEM SAAS DELEGATED SSL CERTIFICATE MANAGEMENT (FOR CUSTOMER OWNED DOMAINS) (92081) -------------------------------------------------------------------------------- Last Updated: 5/11/2023Categories: InformationalTotal Views: 724 thumbs-up-line 1Language: English subscribe DETAILS PURPOSE As part of our ongoing journey to enhance the quality and security of the Workspace ONE UEM SaaS offering, VMware is deploying AWS CloudFront as the ingress service for all UEM environments hosted in VMC on AWS – more details are available here. VMware will also begin to use AWS Certificate Manager (ACM) for SSL certificate management. This allows all legacy Workspace ONE UEM SaaS commercial customers using their own self-managed domains for accessing their SaaS tenants, to opt-in and delegate management of these SSL certificates to VMware. Note: This does not apply to FedRAMP hosted UEM customers. Workspace ONE UEM SaaS customers are recommended to opt-in to the offering to benefit from streamlined and simplified management of the certificate life cycle by VMware including, * Automated periodic certificate renewal and deployment by VMware * Secure RSA 2048 certificates issued by Amazon CA * Improved security by generating all private keys within ACM. VMware does not need to handle or transport the private keys. Additionally, the need for customers to securely deliver private keys for SSL Certificates to VMware is also eliminated. * Reduced costs as Amazon does not charge for issuing such SSL certificates. HOW TO OPT-IN TO VMWARE MANAGED SSL CERTIFICATES? Customers opting into the VMware certificate management offering, * Open a support request with a title ‘Workspace ONE UEM: KB92081 Opt In for CN###’ (e.g.) * VMware will provide the customer with the information required to create one or more DNS CNAME records: e.g. A customer using a self-managed SSL certicate for admin.customer.com would be provided a C-NAME mapping similar to 6d5b775bf28df9fb34079ae44e27fe3.customer.com -> _c120ca06ccb2658c041e0545d54524fb.fmfdpfvvyn.acm-validations.aws * Customers should have their IT teams create the specified DNS CNAME records. Customer teams may need to work with their internal Network Teams and DNS providers to determine how to add records Note: In keeping with industry security practices, VMware support are unable to assist with these DNS changes since these domains are not managed by VMware * Once the CNAME records are added, customers should inform VMware support to complete setup through DNS validation * VMware will consequently complete DNS validation and update the SSL certificate used for the customer’s SaaS tenant Note: The CNAME record must be maintained in customer’s DNS database to allow VMware to manage SSL certificates for the customer. If removed, VMware cannot manage the SSL certificate for the customer domain. To opt out of the offering, customers can simply remove the aforementioned Detectable by VMware SkylineTM ACTIONS Copy To Clipboard Copy link to clipboard copied! Print Print Language Language: English ATTACHMENTS Additional Resources KB • Downloading and licensing vSphere Hypervisor (ESXi 7.x and 8.x) (2107518) KB • Downloading and Installing the standalone VMware Remote Console (VMRC) in vSphere (2091284) Results 1-2 of 2 Ask The Community Get answers quickly from VMware experts in the community Post Subject CONTINUE IN COMMUNITIES Clear SearchLoading RELATED PRODUCTS: * VMware Workspace ONE RELATED VERSIONS: * Take Our Survey * * * * * Copyright © 2023 VMware, Inc. All rights reserved. * Terms of Use * Your California Privacy Rights * Privacy * Accessibility * Cookie Settings Loading word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word word mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 mmMwWLliI0fiflO&1 Support Assistant