SCEP

October 19, 2018

Create SCEP profile for Cortado MDM

If you use a SCEP server for your certificate management, you can create SCEP profiles on the Cortado server. Using these profiles, the users’ mobile devices can automatically request client certificates (SSL) from the SCEP server, which are then loaded onto the devices. This ensures that only devices with matching client certificates can log in to the corporate Wi-Fi or to the Exchange server. You can then select the SCEP profiles in the Exchange or Wi-Fi profiles.

  • Select SCEP as the profile that you want to add. The following dialog will open.
configure SCEP profile

Make the following settings:

  • Profile name: Enter a name for the profile here.
  • Display name: Enter the name of the profile, as you want it displayed to the users.
  • URL: Enter the URL of the SCEP server here. Note that for a Microsoft SCEP server, the following path is appended to the server address: https://servername/certsrv/mscep/mscep.dll.
  • Subject: Enter the name of the certificate. Use wildcards, so the name will be inserted automatically (e.g. CN=#userprincipalname#).
  • Subject alternative name type: Here you can choose between None, RFC 822 Name (for user certificates), DNS Name and Uniform Resource Identifier (for both device and server certificates).
  • Subject alternative name value: If necessary, insert an alternative certificate name here. Use wildcards for this (e.g. #useremailadress#).
  • NT principal name: Enter the UPN.
  • SCEP server challenge: Enter the challenge password here. If you select the Autofill option, the challenge password will be read and entered here automatically.
  • SCEP server challenge URL: Enter the URL from which the challenge password is to be read. Note that for a Microsoft SCEP server, the following is appended to the server address: /certsrv/mscep_admin.
  • SCEP server challenge pattern: This is the search pattern (regular expression) for reading the challenge password. With SCEP servers running Windows, keep the default value.
  • SCEP server fingerprint: Enter the thumbprint of the issuing certificate authority here. You’ll find this in the root certificate of your SCEP server.
  • SCEP server fingerprint pattern: This is the search pattern (regular expression) for the thumbprint of the root certificate.
  • Retries: Here you can set how many times a connection attempt to the SCEP server is retried if the connection fails.
  • Retry delay: Here you can set the delay time in seconds between subsequent retries.
  • Key size: Enter the value for the key size here.
  • Use as digital signature: Enable this checkbox if the issued certificate is to be used for digital signatures.
  • Use for key encipherment: Enable this checkbox if using a certificate with a protocol that encrypts keys.
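
The following added example (not part of the Cortado documentation or product) shows what the challenge and fingerprint search patterns do, and how the extracted thumbprint can be checked against the CA certificate before it is entered as the SCEP server fingerprint. The two patterns, the page layout, the sample bytes and the choice of digest by thumbprint length are assumptions made for illustration, not Cortado's default values.

```python
import hashlib
import hmac
import re

# Hypothetical patterns for illustration; they are NOT Cortado's default values.
CHALLENGE_PATTERN = r"challenge password is:\s*<b>\s*([0-9A-Fa-f]+)\s*</b>"
FINGERPRINT_PATTERN = r"CA certificate is:\s*<b>\s*([0-9A-Fa-f :]+?)\s*</b>"
# Assumption: the digest is chosen by the hex length of the thumbprint.
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def normalize(thumbprint: str) -> str:
    """Drop spaces and colons, upper-case the hex digits."""
    return re.sub(r"[\s:]", "", thumbprint).upper()

def extract(pattern: str, page: str) -> str:
    """Return capture group 1, or fail loudly if the pattern does not match."""
    match = re.search(pattern, page, re.IGNORECASE)
    if match is None:
        raise ValueError(f"pattern did not match: {pattern!r}")
    return match.group(1)

def thumbprint_matches(ca_der: bytes, expected: str) -> bool:
    """Compare the digest of the DER-encoded CA certificate with `expected`."""
    want = normalize(expected)
    algo = DIGEST_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError("thumbprint length fits neither MD5, SHA-1 nor SHA-256")
    got = hashlib.new(algo, ca_der).hexdigest().upper()
    return hmac.compare_digest(got, want)

def grouped(hex_digest: str, size: int = 8) -> str:
    """Format a digest in space-separated groups, as a web page might show it."""
    return " ".join(hex_digest[i:i + size] for i in range(0, len(hex_digest), size))

# Constructed sample data: stand-in bytes for a DER certificate and a made-up page.
SAMPLE_CA_DER = b"constructed stand-in for a DER-encoded CA certificate"
SAMPLE_PAGE = (
    "<p>The thumbprint (hash value) for the CA certificate is: <b> "
    + grouped(hashlib.sha1(SAMPLE_CA_DER).hexdigest().upper())
    + " </b></p><p>The enrollment challenge password is: <b> 0123456789ABCDEF </b></p>"
)

if __name__ == "__main__":
    fp = extract(FINGERPRINT_PATTERN, SAMPLE_PAGE)
    print("challenge:", extract(CHALLENGE_PATTERN, SAMPLE_PAGE))
    print("thumbprint ok:", thumbprint_matches(SAMPLE_CA_DER, fp))
```
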

To find out how to distribute the new profile, see the section Assigning profiles.