Install and Configure Omnissa Credential Escrow Gateway

In a SaaS world there may be certificates whose private key you do not want to store in a SaaS service, or do not want that service to be able to decrypt. Client authentication certificates can use SCEP today, but there are use cases, such as S/MIME, where this does not work. For these cases Omnissa Workspace ONE UEM offers the Credential Escrow Gateway (CEG), which stores the certificates and sends them to UEM in encrypted form, only for consumption by the devices. Because the certificates are encrypted with a certificate on the device, UEM itself cannot decrypt the payload; only the device or the SDK level can decrypt the certificate.

Prepare

To be ready to deploy the CEG, make sure you meet the following requirements:

  • Download the OVA for CEG (min. version 1.4.1)
  • Machine Certificate for ACC installed (note down the Thumbprint)
  • Access to vSphere to deploy OVA

Install

To install CEG, download the installer OVA and deploy it to vSphere. I created an overview video to show the process:

Configure

Once the deployment is finished, let's configure the CEG:

Activate API

To activate the CEG I used Postman, but PowerShell or curl also work for this. Here is an overview of the API calls:

Conclusion

This describes the basic setup; there are multiple options and settings, and the details may also depend on the version. This blog is just a baseline and sample, not official documentation. Make sure you have read through the official documentation from Omnissa; it is highly recommended to use Omnissa Professional Services for a deployment like this.

Written by

vExpert, blogger and VMware & Omnissa champion. Worked 10 years as an architect for a partner before joining VMware in 2017. Moved to Omnissa in 2024.
