Configure SCEP

Before you can use SCEP for your devices, you must configure the connection to your SCEP server.

To configure SCEP:

  1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the SCEP tab.
  2. Specify the following:
    1. In the SCEP server URL field, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP.
    2. In the Challenge URL field, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP_ADMIN.
      Note: If you use a Windows 2003 server as the SCEP server, enter https://YOUR-SCEP-SERVER/CertSrv/MSCEP.
    3. In the User and Password fields, enter the credentials of a user who can create a challenge code.
      Note: In the User field, enter a user who has the necessary rights to enroll certificates. Use the logon format: username@domain
    4. In the Challenge characters field, select the character types that are used for the challenge password.
    5. In the Challenge length field, accept the default length.
    6. Optional: Clear the Use HTTP proxy option if you want Sophos Mobile to bypass the HTTP proxy when connecting to the SCEP server. This option is only available if the HTTP proxy is enabled.
      For Sophos Mobile on Premise, the super administrator can configure an HTTP proxy that Sophos Mobile uses for outbound HTTP and SSL/TLS connections. See the Sophos Mobile super administrator guide.

      For Sophos Mobile as a Service, the HTTP proxy is always enabled.

  3. Click Save.

Sophos Mobile tests the connection to your SCEP server.
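
The following pre-flight check is an added example, not part of Sophos Mobile or its documentation. It validates the values from step 2 against the rules above and reads a SCEP GetCACaps reply (RFC 8894) for missing capabilities. The host scep.example.test, the account svc-scep, the function names and the sample reply are assumptions made for illustration, as is the server answering GetCACaps at the configured URL.

```python
from urllib.parse import urlsplit

# GetCACaps keywords (RFC 8894) worth confirming before devices enroll.
WANTED_CAPS = ("AES", "POSTPKIOperation", "SHA-256")

# Constructed sample GetCACaps reply, one keyword per line (not real server output).
SAMPLE_REPLY = "POSTPKIOperation\nSHA-1\nDES3\nRenewal\n"


def check_settings(server_url, challenge_url, user, windows_2003=False):
    """Return a list of problems with the values entered in step 2."""
    problems = []
    server, challenge = urlsplit(server_url), urlsplit(challenge_url)
    for label, url in (("SCEP server URL", server), ("Challenge URL", challenge)):
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{label} must be an https:// URL with a host name")
    # Paths are compared case-insensitively (assumption: IIS-hosted /CertSrv).
    if server.path.rstrip("/").lower() != "/certsrv/mscep":
        problems.append("SCEP server URL path should be /CertSrv/MSCEP")
    # Windows 2003 uses /CertSrv/MSCEP for the challenge URL as well.
    expected = "/CertSrv/MSCEP" if windows_2003 else "/CertSrv/MSCEP_ADMIN"
    if challenge.path.rstrip("/").lower() != expected.lower():
        problems.append(f"Challenge URL path should be {expected}")
    name, at, domain = user.partition("@")
    if not (name and at and domain):
        problems.append("User must use the logon format username@domain")
    return problems


def caps_probe_url(server_url):
    """URL an administrator can fetch to see the server's capability list."""
    return server_url.rstrip("/") + "?operation=GetCACaps"


def missing_caps(reply_text):
    """Return the wanted capability keywords absent from a GetCACaps reply."""
    offered = {line.strip().upper() for line in reply_text.splitlines()}
    return [cap for cap in WANTED_CAPS if cap.upper() not in offered]


if __name__ == "__main__":
    url = "https://scep.example.test/CertSrv/MSCEP"  # placeholder host
    print(check_settings(url, url + "_ADMIN", "svc-scep@example.test"))
    print(caps_probe_url(url))
    print(missing_caps(SAMPLE_REPLY))
```

A reply that lacks SHA-256 or AES means enrollment would fall back to the older algorithms the server does list, which is worth resolving on the server before certificates are deployed.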

To deploy a certificate using SCEP, add a SCEP configuration to an Android, iOS, or Windows Mobile policy.

Tip: In the policy, you can configure an interval after which the device automatically requests a certificate renewal.