Configure SCEP

  1. On the menu sidebar, under SETTINGS, click Setup and then System setup, and go to the SCEP tab.
  2. Specify the following:
    1. In the SCEP server URL field, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP.
    2. In the Challenge URL field, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP_ADMIN.
      Note: If you use a Windows 2003 server as the SCEP server, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP.
    3. In the User and Password fields, enter the user credentials of the user who can create a challenge code.
      Note: In the User field, enter a user who has the necessary rights to enroll certificates. Use the logon format: username@domain
    4. In the Challenge characters field, select the character types that are used for the challenge password.
    5. In the Challenge length field, accept the default length.
    6. Optional: Clear the Use HTTP proxy option if you want Sophos Mobile Control to bypass the HTTP proxy when connecting to the SCEP server. This option is only available if the HTTP proxy is enabled.
      For on-premise installation, the super administrator can configure an HTTP proxy that Sophos Mobile Control uses for outbound HTTP and SSL connections. See the Sophos Mobile Control super administrator guide.

      For Sophos Mobile Control as a Service, the HTTP proxy is always enabled.

  3. Click Save.
    Sophos Mobile Control tests the connection to your SCEP server.
To deploy a profile using SCEP, you must add a SCEP configuration to an Android or iOS device profile or to a Windows Mobile policy.