Integrating a SCEP Server

October 2, 2018 / February 11, 2020

During the MDM configuration, a certificate authority that uses the Simple Certificate Enrollment Protocol (SCEP) was established. This ensures that certificates for the mobile devices managed with Mobile Device Management are requested and issued automatically. You can use these self-generated certificates for a proof of concept.

Use self-generated certificates

If you want to use these self-generated certificates, you don’t need to make any further changes to the settings in the Management Console.

These correspond to the default settings under: Control Panel→ Global Settings→ MDM→ Configure→ SCEP Server→ Use self created certificates (arrow in illus.).

using self-generated certificates


Use SCEP server

However, for a production environment, we recommend using a separate SCEP server.

  • In the management console select: Control Panel→ Global Settings→ MDM→ Configure→ SCEP Server→ Use SCEP server.
enter SCEP server in the management console


  • SCEP server URL: Enter the URL for mscep.dll on the newly installed SCEP server: http://<SCEP_server_address>/certsrv/mscep/mscep.dll (example for Microsoft SCEP server: http://192.168.149.51/certsrv/mscep/mscep.dll)
  • SCEP server challenge URL: Enter the URL from which the challenge password is read: http://<SCEP_server_address>/certsrv/mscep_admin (example: http://192.168.149.51/certsrv/mscep_admin)
  • SCEP server challenge pattern: This is the search pattern for reading the challenge password. With Windows SCEP servers, keep the default value.
  • SCEP issuer thumbprint: This is the SCEP server’s CA certificate thumbprint – necessary for Android MDM.
  • Confirm with OK.
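
The example URLs above use plain HTTP, so the SCEP issuer thumbprint is the value that ties enrollment to the intended CA, and a mistyped or stale thumbprint is worth catching before devices enroll. The following check is an added example, not part of the product or of the original page: it compares a thumbprint string with a CA certificate exported from the SCEP server. It assumes the thumbprint is a SHA-1 or SHA-256 hash over the DER encoding (Windows displays SHA-1); all function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import unicodedata

# Assumption: the console accepts a SHA-1 (40 hex digits) or SHA-256
# (64 hex digits) thumbprint; the page does not say which.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

# Constructed stand-in bytes, not a real certificate: the thumbprint is a hash
# over the raw DER encoding, so any byte string exercises the same code path.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def to_der(data: bytes) -> bytes:
    """Return DER bytes from either a PEM or a DER encoded certificate."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  data, re.S)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()))
    return data


def normalize(thumbprint: str) -> str:
    """Strip colons, whitespace and invisible format characters (for example
    the U+200E mark that can come along when copying from Windows dialogs)."""
    cleaned = "".join(
        c for c in thumbprint
        if not c.isspace() and c != ":" and unicodedata.category(c) != "Cf"
    ).lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("thumbprint must be 40 or 64 hex digits")
    return cleaned


def thumbprint(cert: bytes, algo: str = "sha1") -> str:
    """Hex digest of the certificate's DER encoding."""
    return hashlib.new(algo, to_der(cert)).hexdigest()


def matches(configured: str, cert: bytes) -> bool:
    """True if the configured thumbprint belongs to this certificate."""
    want = normalize(configured)
    got = thumbprint(cert, ALGO_BY_HEX_LEN[len(want)])
    return hmac.compare_digest(want, got)
```

Run `matches()` with the string you intend to paste into the SCEP issuer thumbprint field and the bytes of the exported CA certificate file; a `ValueError` means the pasted string is not a well-formed thumbprint.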
