SCEP configuration (Android Enterprise work profile policy)
With the SCEP configuration you enable devices to request certificates from a Certificate Authority using the Simple Certificate Enrollment Protocol (SCEP). These certificates are available to apps that are installed in the work profile.
You must first add a Root certificate configuration to upload the CA certificate of the SCEP server before you can add a SCEP configuration.
|URL||The web address of the Certificate Authority server. |
Use the variable
|Alias name||The name under which the certificate will appear in selection dialogs. |
This should be a memorable name to identify the certificate. For example, use the same value as in the Subject field, but without the
|Subject||The name of the entity (for example person or device) that will receive the certificate. |
You can use placeholders for user data or device properties.
The value that you enter (with placeholders replaced by the actual data) must be a valid X.500 name.
|Type of Subject Alternative Name, |
Value of Subject Alternative Name
|To add a Subject Alternative Name (SAN) to the SCEP configuration, select the SAN type and then enter the SAN value. SAN types are: |
|AD user logon name||The User logon name value set in Active Directory, i.e. the user’s User Principal Name (UPN).|
|Challenge||The web address to obtain a challenge password from the SCEP server. |
Use the variable
|Root certificate||The CA certificate. |
Select the certificate from the list. The list contains all certificates that you have uploaded in Root certificate configurations of the current policy.
|Key size||The size of the public key in the issued certificate. |
Make sure that the value matches the size configured on the SCEP server.
|Certificate usage||Select what the certificate can be used for. |