Install and Configure VMware Credential Escrow Gateway

In as SaaS world there might be some certificates you may not want to store / be able to unencrypt the Private Key in a SaaS-Service. As Client Authentication Certs can today can use SCEP there are use cases where this does not work like S/MIME. Therefore there is for VMware Workspace ONE UEM the Credential Escrow Gateway that stores the Certs and sends them encrypted to UEM only for consumption for the Devices. As the Certs are encrypted by a Cert on the Device, UEM itself can not unencrypt the Payload on UEM , only the Device or SDK Level can unencrypted the Certificate.


To be ready to deploy the CEG , make sure you meet the following requirements:

  • Download the OVA for CEG (min. Version 1.4.1 )
  • Machine Certificate for ACC installed (note down the Thumbprint)
  • Access to vSphere to deploy OVA


To install CEG , Download the Installer OVA and deploy it to the vShere. I created a Overview Video to show the process:


Once the deployment is finished , lets configure the CEG:

Activate API

To activate the CEG I used Postman, but also PowerShell or curl work for this. Here a Overview of the API Calls


This is describing the basic Setup, as there are multiple options and settings and it also may depend on the version. This Blog is just a baseline and sample , not an official documentation. Make sure you have read thought the official documentation from VMware and it is highly recommended to use VMware Professional Services for a Deployment like this.

Written by
Website | + posts

vExpert, blogger and VMware champion. Worked 10 years as a VMware & Microsoft consultant for a partner before joining VMware in 2017.

Leave a Reply

Your email address will not be published. Required fields are marked *.

You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

BCF Shop Theme By aThemeArt.