VMware Workspace ONE UEM | Minimum Rights for CA Account

Question

Which minimum rights on a Certificate Authority (CA) should be assigned for the account specified in the CA definition in the UEM Console?

Answers

Explanations

A.

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1910/WS1_Certificate_Authority_Integrations.pdf

In the context of VMware Workspace ONE Unified Endpoint Management, the Certificate Authority (CA) is responsible for issuing and managing digital certificates used for secure communication between devices and the UEM infrastructure. To successfully integrate the CA with the UEM Console, the account specified in the CA definition in the UEM Console must have the appropriate permissions on the CA server.

The minimum rights required for the account on the CA server depend on the specific tasks that the account needs to perform. In general, the account needs to be able to read, issue, and manage certificates, as well as manage the CA itself and request certificates. However, the level of access required for each of these tasks may vary depending on the organization's security policies and the specific configuration of the CA.

Looking at the given answer options:

A. Local admin on the CA server with the privileges: read, issue and manage certificates, manage CA, request certificates permissions. This option provides the required permissions for the account specified in the CA definition. The account has local admin access on the CA server and can read, issue, and manage certificates, manage the CA, and request certificates.

B. Local admin on the CA server with the privileges: read, issue and manage certificates, request certificates permissions. This option provides the required permissions for the account to read, issue, and manage certificates, and request certificates. However, it does not include the permission to manage the CA, which may be necessary in some scenarios.

C. Local admin on the CA server with the privileges: full access. This option is too broad and does not name the individual permissions required. It may give the account more access than is necessary, which could be a security risk.

D. Local admin on the CA server with the privileges: read, manage certificates, manage CA, request certificates permissions. This option provides most of the required permissions, but does not include the permission to issue certificates. Issuing certificates is an essential task for a CA, so this option does not provide the minimum required permissions.

In summary, option A is the correct answer as it provides the required permissions for the account specified in the CA definition in the UEM Console to perform its necessary tasks.