SCEP configuration (Windows policy)
With the SCEP configuration you enable devices to request certificates from a Certificate Authority using the Simple Certificate Enrollment Protocol (SCEP).
Setting | Description |
---|---|
Description | A description for the configuration. |
URL | The web address of the Certificate Authority server. Use the variable |
Subject | The name of the entity (for example person or device) that will receive the certificate. You can use placeholders for user data or device properties. The value that you enter (with placeholders replaced by the actual data) must be a valid X.500 name. For example:
|
Subject Alternative Name | Optionally, configure one or more Subject Alternative Name (SAN) values. Click Add and then enter a SAN type and a SAN value. |
Challenge | The web address to obtain a challenge password from the SCEP server. Use the variable |
Root certificate | The CA certificate. Select the certificate from the list. The list contains all certificates that you have uploaded in Root certificate configurations of the current policy. |
Retries | The number of retries if the server sends a response of type pending . |
Retry delay | The number of seconds between retries. |
Key size | The size of the public key in the issued certificate. Make sure that the value matches the size configured on the SCEP server. |
Certificate usage | Select what the certificate can be used for.
|