Cortado Support

My Tickets Visit www.cortado.com
Welcome
Login
  1. Cortado Support
  2. Solution home
  3. Set up profiles and policies
  4. Global Profiles

Create SCEP profile

Cortado Support
Modified on: Wed, 17 Jan, 2024 at 2:38 PM

If you use a SCEP server for your certificate management, you can create SCEP pro­files here. Using these profiles, the users’ mobile devices can auto­matically request client certificates (SSL) from the SCEP server. These are then loaded onto the devices. This ensures that only devices with matching client certifi­cates can log in to the corporate Wi-Fi or onto the exchange server. You can then select the SCEP profiles in the Exchange or Wi-Fi profiles. 

  • First proceed as described here.
  • Then select SCEP as the profile that you want to add. The following dia­log will open. 

a screenshot of a web page with a number of options.

Make the following settings:

  • Profile name: Enter a name for the profile here.
  • Display name: Enter the name of the profile, as you want it displayed to the users.
  • URL: Enter the URL of the SCEP server here. Please note that for a Microsoft SCEP server the following term is placed after the server address:
    https://server­name/certsrv/mscep/mscep.dll
  • Subject: Enter the name of the certificate. Use wildcards, so the name will be inserted automatically (e.g. CN=#userprincipalname#)
  • Subject alternative name type: Here you can choose between None, RFC 822 Name (for user certificates), DNS Name and Uniform Resource Identifier (for both device and server certificates).
  • Subject alternative name value: If necessary, insert an alternative certificate name here. Use wildcards for this (e.g. #useremailadress#).
  • NT principal name: Enter the UPN.
  • SCEP server challenge: Enter the challenge password here. If you select the Autofill option, the challenge password will be read and entered here automatically.
  • SCEP server challenge URL: Enter the URL from which the challenge pass­word is to be read. Please note that for a Microsoft SCEP server the following is placed after the server address: /certsrv/mscep_admin.
  • SCEP server challenge pattern: This is the search pattern (regular expression) for reading the challenge password. With SCEP servers running Windows, keep the default value.
  • SCEP server fingerprint: Enter the thumbprint of the issuing certificate authority here. You’ll find this in the root certificate of your SCEP server.
  • SCEP server fingerprint pattern: This is the search pattern (regular expres­sion) for the thumbprint of the root certificate.
  • Retries: Here you can set how many times a connection search to the SCEP server will be retried, if the connections fail.
  • Retry delay: Here you can set the delay time in seconds between subsequent retries.
  • Key size: Enter the value for the key size here.
  • Use as digital signature: Enable this checkbox, if you want the certificate being issued to be used as a digital signature.
  • Use for key encipherment: Enable this checkbox if using a certificate with a protocol that encrypts keys.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Related Articles