Install SCEP certificate on Windows using Workspace ONE UEM

Add Certificate Authority and Template

• Please refer the Initial Setup documentation to add certificate authority and certificate template in Workspace one.

Add Profile for Windows

• Go to Resources > Profiles and Baselines > Profiles and click Add > Add Profile.

• Select Windows > Widows Desktop > Device Profile

• Enter details for the profile as below:
  1. For General, Name: You choice
  2. Smart Groups: Assign to respective smart groups according to your needs.

• Go to Credentials:
  1. Credential Source: Select 'Defined Certificate Authority' from the dropdown.
  2. Certificate Authority: Select the CA configured in the Initial Setup documentation.
  3. Certificate Template: Select the template configured in the Initial Setup documentation.
  4. Key Location: TPM if present.
  5. Certificate Store: Personal

• Click on + on the bottom right and add credentials #2:
  1. Credential Source: Upload
  2. Certificate: Download the Client CA from the EAP-TLS page of foxpass and upload it here.
  3. Key Location: TPM if present
  4. Certificate Store: Trusted Root

• Click on + on the bottom right and add credentials #3:
  1. Credential Source: Upload
  2. Certificate: Download the active server CA from the EAP-TLS page of foxpass and upload it here.
  3. Key Location: TPM if present
  4. Certificate Store: Trusted Root
  5. Click 'SAVE AND PUBLISH'

• Configure Wi-Fi payload:
  1. Service Set Identifier: Your SSID
  2. Security Type: WPA2 Enterprise
  3. Encryption: AES
  4. Protocols: Certificate
  5. Identity Certificate: Choose Certificate #1
  6. Trusted Certificates: Choose Certificate #3
  7. Click 'SAVE AND PUBLISH'

User Profile - Foxpass SCEP certificate
Click on the Devices → Profiles and Resources → Profiles → Add
Click on Add Profile and Select Windows and then Windows Desktop and select User Profile.

Configuration for User Profile for Foxpass SCEP certificate

• Select General and configure:
• Name - ‘Any reference name’
• Deployment - Managed
• Assignment type - Auto
• Allow Removal - Always
• Managed by - ‘Your Administrator ID’
• Smart Groups - Add all the possible groups from the dropdown.
• Exclusions - No
• Click on Save and Publish.

Now configure Credentials:

• Credential Source - Select ‘Defined Certificate Authority from the dropdown.
• Certificate Authority - Select Foxpass from the dropdown.
• Certificate Template - Foxpass
• Key Location - TPM if present
• Certificate Store - Personal
• Save and Publish

Enroll Windows to Workspace one

• Make a note of the console version by clicking About of your Workspace one's console page.

• Go to resources.worskspaceone.com.
• Download the appropriate intelligent hub according to the console version on your Windows machine.
• Follow the setup wizard and install hub.
• Intelligent hub will open. Now enter your server address. Click 'Next'. Note : The server address in the screenshot is just an example, the server address and Group ID was sent to your email by Workspace ONE upon your registration of the user.

• Enter your Group ID and click 'Next'.

• You can see successful/unsuccessful RADIUS logs on the RADIUS logs page.

• If there are no SCEP errors, 'No errors' will be displayed in green color under Last error column for the respective endpoint on the SCEP page.

❗️

If there are any SCEP errors, it would be shown under the 'Last error' column for the respective endpoint on the Foxpass SCEP page.

Check certificates in Windows

Open certificate manager in Windows.
Select Personal → Certificates, check for the Foxpass SCEP certificate.

Now check for Foxpass CA certificate in Trusted Root Certification Authorities.