kb.vmware.com Open in urlscan Pro
2a02:26f0:7100:8b3::2ef  Public Scan

URL: https://kb.vmware.com/s/article/92081
Submission: On May 17 via manual from ES — Scanned from NL

Form analysis 0 forms found in the DOM

Text Content

Loading
×Sorry to interrupt
This page has an error. You might just need to refresh it. [Cannot read
properties of undefined (reading 'email')] Failing descriptor:
{markup://c:kM_ArticleSubscribe}

Refresh


COOKIE PREFERENCE CENTER




GENERAL INFORMATION ON COOKIES

GENERAL INFORMATION ON COOKIES

When you visit our website, we use cookies to ensure that we give you the best
experience. This information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies by clicking on the
different category headings to find out more and change your settings. However,
blocking some types of cookies may impact your experience on the site and the
services we are able to offer. Further information can be found in our
Cookie Policy.


 * STRICTLY NECESSARY
   
   STRICTLY NECESSARY
   
   Always Active
   Strictly Necessary
   
   Strictly necessary cookies are always enabled since they are essential for
   our website to function. They enable core functionality such as security,
   network management, and website accessibility. You can set your browser to
   block or alert you about these cookies, but this may affect how the website
   functions. For more information please visit www.aboutcookies.org or
   www.allaboutcookies.org.
   
   Cookie Details‎


 * PERFORMANCE
   
   PERFORMANCE
   
   Performance
   
   Performance cookies are used to analyze the user experience to improve our
   website by collecting and reporting information on how you use it. They allow
   us to know which pages are the most and least popular, see how visitors move
   around the site, optimize our website and make it easier to navigate.
   
   Cookie Details‎
   
   
   PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE.


 * FUNCTIONAL
   
   FUNCTIONAL
   
   Functional
   
   Functional cookies help us keep track of your past browsing choices so we can
   improve usability and customize your experience. These cookies enable the
   website to remember your preferred settings, language preferences, location
   and other customizable elements such as font or text size. If you do not
   allow these cookies, then some or all of these services may not function
   properly.
   
   Cookie Details‎
   
   
   PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE.


 * ADVERTISING
   
   ADVERTISING
   
   Advertising
   
   Advertising cookies are used to send you relevant advertising and promotional
   information. They may be set through our site by third parties to build a
   profile of your interests and show you relevant advertisements on other
   sites. These cookies do not directly store personal information, but their
   function is based on uniquely identifying your browser and internet device.
   
   Cookie Details‎
   
   
   PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE.


 * SOCIAL MEDIA
   
   SOCIAL MEDIA
   
   Social Media
   
   Social media cookies are intended to facilitate the sharing of content and to
   improve the user experience. These cookies can sometimes track your
   activities. We do not control social media cookies and they do not allow us
   to gain access to your social media accounts. Please refer to the relevant
   social media platform’s privacy policies for more information.
   
   Cookie Details‎
   
   
   PLEASE CONFIRM YOUR SETTINGS BY REFRESHING THE PAGE.

Back Button


ADVERTISING COOKIES

Filter Button
Consent Leg.Interest
Select All Vendors
Select All Vendors
Select All Hosts

Select All

 * REPLACE-WITH-DYANMIC-HOST-ID
   
   
   
   View Third Party Cookies
   
    * Name
      cookie name



Clear Filters

Information storage and access
Apply
Confirm My Choices Allow All

Products and Accounts
Knowledge
Communities
Support
Success
Learning

SearchLoading



My Subscriptions
Loading


Knowledge Base


VMWARE BEST PRACTICES UPDATE – WORKSPACE ONE UEM SAAS DELEGATED SSL CERTIFICATE
MANAGEMENT (FOR CUSTOMER OWNED DOMAINS) (92081)

--------------------------------------------------------------------------------

Last Updated: 5/11/2023Categories: InformationalTotal Views: 724 thumbs-up-line
1Language: English subscribe





DETAILS


PURPOSE 

As part of our ongoing journey to enhance the quality and security of the
Workspace ONE UEM SaaS offering, VMware is deploying AWS CloudFront as the
ingress service for all UEM environments hosted in VMC on AWS – more details are
available here. VMware will also begin to use AWS Certificate Manager (ACM) for
SSL certificate management. This allows all legacy Workspace ONE UEM SaaS
commercial customers using their own self-managed domains for accessing their
SaaS tenants, to opt-in and delegate management of these SSL certificates to
VMware.  

Note: This does not apply to FedRAMP hosted UEM customers. 

Workspace ONE UEM SaaS customers are recommended to opt-in to the offering to
benefit from streamlined and simplified management of the certificate life cycle
by VMware including,  

 * Automated periodic certificate renewal and deployment by VMware 

 * Secure RSA 2048 certificates issued by Amazon CA 

 * Improved security by generating all private keys within ACM. VMware does not
   need to handle or transport the private keys. Additionally, the need for
   customers to securely deliver private keys for SSL Certificates to VMware is
   also eliminated. 

 * Reduced costs as Amazon does not charge for issuing such SSL certificates. 


HOW TO OPT-IN TO VMWARE MANAGED SSL CERTIFICATES? 

Customers opting into the VMware certificate management offering,  

 * Open a support request with a title ‘Workspace ONE UEM: KB92081 Opt In for
   CN###’ (e.g.) 

 * VMware will provide the customer with the information required to create one
   or more DNS CNAME records: 

e.g.  
A customer using a self-managed SSL certicate for admin.customer.com would be
provided a C-NAME mapping similar to
6d5b775bf28df9fb34079ae44e27fe3.customer.com ->
_c120ca06ccb2658c041e0545d54524fb.fmfdpfvvyn.acm-validations.aws 

 * Customers should have their IT teams create the specified DNS CNAME records. 
   Customer teams may need to work with their internal Network Teams and DNS
   providers to determine how to add records  

Note: In keeping with industry security practices, VMware support are unable to
assist with these DNS changes since these domains are not managed by VMware   

 * Once the CNAME records are added, customers should inform VMware support to
   complete setup through DNS validation 

 * VMware will consequently complete DNS validation and update the SSL
   certificate used for the customer’s SaaS tenant 

Note: The CNAME record must be maintained in customer’s DNS database to allow
VMware to manage SSL certificates for the customer. If removed, VMware cannot
manage the SSL certificate for the customer domain. To opt out of the offering,
customers can simply remove the aforementioned  


Detectable by VMware SkylineTM


ACTIONS



Copy To Clipboard Copy link to clipboard copied!

Print Print

Language Language: English




ATTACHMENTS



Additional Resources
KB • Downloading and licensing vSphere Hypervisor (ESXi 7.x and 8.x) (2107518)
KB • Downloading and Installing the standalone VMware Remote Console (VMRC) in
vSphere (2091284)
Results 1-2 of 2

Ask The Community
Get answers quickly from VMware experts in the community
Post Subject

CONTINUE IN COMMUNITIES
Clear

SearchLoading




RELATED PRODUCTS:

 * VMware Workspace ONE


RELATED VERSIONS:


 * Take Our Survey


   
   
 * 
   
   
 * 
   
   
 * 
   
   
 * 
   

 * Copyright © 2023 VMware, Inc. All rights reserved.

   
   
 * Terms of Use
   
   
 * Your California Privacy Rights
   
   
 * Privacy
   
   
 * Accessibility
   
   
 * Cookie Settings



Loading

word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word word word word word word word word word
word word word word word word word word

mmMwWLliI0fiflO&1
mmMwWLliI0fiflO&1
mmMwWLliI0fiflO&1
mmMwWLliI0fiflO&1
mmMwWLliI0fiflO&1
mmMwWLliI0fiflO&1
mmMwWLliI0fiflO&1
Support Assistant