Configure SCEP

  1. On the menu sidebar, under SETTINGS, click Setup > System setup, and go to the SCEP tab.
  2. Specify the following:
    1. In the SCEP server URL field, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP.
    2. In the Challenge URL field, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP_ADMIN.
      Note If you use a Windows 2003 server as the SCEP server, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP.
    3. In the User and Password fields, enter the user credentials of the user who can create a challenge code.
      Note In the User field, enter a user who has the necessary rights to enroll certificates. Use the logon format: username@domain
    4. In the Challenge characters field, select the character types that are used for the challenge password.
    5. In the Challenge length field, accept the default length.
    6. Optional Clear the Use HTTP proxy option if you want Sophos Mobile to bypass the HTTP proxy when connecting to the SCEP server. This option is only available if the HTTP proxy is enabled.
      For Sophos Mobile on Premise, the super administrator can configure an HTTP proxy that Sophos Mobile uses for outbound HTTP and SSL/TLS connections. See the Sophos Mobile super administrator guide.

      For Sophos Mobile as a Service, the HTTP proxy is always enabled.

  3. Click Save.
    Sophos Mobile tests the connection to your SCEP server.
To deploy a profile using SCEP, you must add a SCEP configuration to an Android or iOS device profile or to a Windows Mobile policy.