· In the Workspace ONE UEM Administration Console, go to Devices.
· Click Certificates.
· Click Certificate Authorities.
· Click Add.
· Provide a Name for the Template.
· Select the Certificate Authority that you just created.
· Enter your Issuing Template in the following format: certificatetemplate:[ADCS-TEMPLATE]. In my lab, my issuing template would be “certificatetemplate:WS1Cert”.
· Select the Subject Name. Remember, the subject name is what the browser will present to the user. In Workspace ONE Access, we don’t have to use the subject to match the correct user.
· Select the correct private key length (per your CA settings).
· Select both Signing and Encryption.
· Under SAN, add the following:
    Email Address -> {EmailAddress}
    User Principal Name -> {UserPrincipalName}
    DNS Name -> UDID={DeviceUid}
· Select Automatic Certificate Renewal.
· Select Name Certificate Revocation.
· Click Save.
You have successfully created a new certificate template in Workspace ONE UEM.
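To confirm that a certificate issued from this template carries the SAN entries configured above, you can inspect it offline. The following is an added example, not part of the original walkthrough or of any VMware tooling: it assumes the Python `cryptography` package, the function names are hypothetical, and the sample certificate is a constructed self-signed stand-in for one issued by your CA.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UPN_OID = x509.ObjectIdentifier("1.3.6.1.4.1.311.20.2.3")  # Microsoft UPN otherName

def read_san(cert):
    """Extract the three SAN values the request template populates."""
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    upns = []
    for other in san.get_values_for_type(x509.OtherName):
        raw = other.value  # DER: 0x0c (UTF8String), short-form length, bytes
        if (other.type_id == UPN_OID and len(raw) >= 2
                and raw[:1] == b"\x0c" and raw[1] < 0x80):
            upns.append(raw[2:2 + raw[1]].decode("utf-8"))
    dns = san.get_values_for_type(x509.DNSName)
    return {
        "email": san.get_values_for_type(x509.RFC822Name),
        "upn": upns,
        "udid": [d[len("UDID="):] for d in dns if d.startswith("UDID=")],
    }

def check_san(cert, expected_upn, expected_udid):
    """Return mismatches between the certificate and the enrolled user and device."""
    found, problems = read_san(cert), []
    if not found["email"]:
        problems.append("missing Email Address")
    if found["upn"] != [expected_upn]:
        problems.append("UPN mismatch")
    if found["udid"] != [expected_udid]:
        problems.append("UDID mismatch")
    return problems

def build_sample_cert(email, upn, udid):
    """Constructed self-signed stand-in for a certificate issued from the template."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, upn)])
    upn_der = b"\x0c" + bytes([len(upn.encode())]) + upn.encode()
    san = x509.SubjectAlternativeName([
        x509.RFC822Name(email), x509.OtherName(UPN_OID, upn_der),
        x509.DNSName("UDID=" + udid)])
    now = datetime.now(timezone.utc)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now - timedelta(minutes=5))
               .not_valid_after(now + timedelta(days=1))
               .add_extension(san, critical=False))
    return builder.sign(key, hashes.SHA256())
```

For a real device certificate, load the exported file with `x509.load_pem_x509_certificate` or `x509.load_der_x509_certificate` and pass the result to `check_san`.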