antonioaraujo, posted July 2

Dear All,

I hope you are fine. I am new to this community. Previously I was using the WorkspaceONE-Discussions community.

I am working on a use case in which a PKCS#12 certificate needs to be uploaded to Workspace ONE UEM, as shown in the image below.

According to the API documentation (System Management REST API V1), /users/{{userId}}/uploadsmimecerts can be used to upload MIME certificates for the enrollment user by enrollment user id.

Since a new Signing certificate needs to be uploaded, is there an API to get the current Signing certificate (or Encryption, Archived) from Workspace ONE UEM? The idea is to retrieve this current certificate, upload it to the Archived array, and then upload the new signing certificate.

Best regards
Antonio

kanchan shaw, posted July 2

I'm also facing the same issue. Through Postman I'm able to upload the cert of the corresponding enrollment user via https://host/api/system/users/{id}/uploadsmimecerts and Postman displays a 200 status code. We can see the thumbprint under Edit User > Certificate, but we are not able to see that the cert has been placed in either Current User > Personal > Certificate or Certificate - Local Computer > Personal > Certificate.

Can someone guide me? That would be a great help.

antonioaraujo (Author), posted July 2

Dear @kanchan shaw,

I hope you are fine. Thanks for adding your question.

The question I have is whether there is any API to get or retrieve a certificate uploaded as Encryption, Signing or Archived from Workspace ONE UEM.

Regarding your question, I just asked one of my colleagues from the Systems Team and he told me that maybe you need to create a profile, something like an S/MIME profile, to push the certificate from Workspace ONE UEM to your user device. Something like this:

I hope that can provide you some guidance; that is out of my scope 🙂

Best regards
Antonio

Edited July 2 by antonioaraujo: Add a couple of images for guidance

spg123, posted July 2

As Antonio advised, you need to create a user profile for this with the Credentials payload.

However, the disadvantage of using the Workspace ONE UEM API is that it does not support uploading previous S/MIME certificates. It is only supported in the web-based administration portal. So if you have an S/MIME certificate that is valid for 1 year, and you send the new one to the Workspace ONE UEM API, then all other certificates will be removed and only the latest one will be there. This is OK for new S/MIME encrypted email, but any other S/MIME encrypted email that is older than 1 year will not be able to be read on the device.

kanchan shaw, posted July 8

Thanks Antonio/spg123.

After creating the profile, when I hit the uploadsmimecerts API, I didn't see that the certificate had been placed, but when I clicked Save and Publish under the profile, the cert was placed in the Personal folder. Can you help me understand the end-to-end process of how the uploadsmimecerts API works? Below are the steps I'm following:

1> Add user -> registered device, then create a user profile as you suggested in the step above. After clicking the Save and Publish button, I'm able to see the registered devices associated with it. Then I hit the API api/system/users/10656/uploadsmimecerts; the cert was not placed. But when I first hit the API, then go to the user profile and click Publish, we can see the cert has been placed.

I'd like to request a 15-minute session to understand the end-to-end flow; I would be very grateful.

Sascha Warno (Employee), posted July 10

@spg123 you can upload archived certificates through the API; not sure why the API docs were never updated. We had issues with accepting expired certs, but even that was fixed in 2017.

There is no API to read the existing certs, so you would need to include them from the source again. If you want to implement some more advanced user cert management, you would need to implement the Escrow Gateway.

https://docs.omnissa.com/bundle/CredentialEscrowGatewayV2310/page/OverviewofCredentialEscrowGateway.html

Sascha Warno (Employee), posted July 10

@kanchan shaw you would need to use webhooks and event notifications to trigger the API to upload a cert based on device enrollment, for example. Assigned profiles for users without uploaded certificates should actually be in the pending state until a certificate is uploaded.