SCEP Server in IGEL OS 12
This article describes the settings required for a SCEP server in IGEL OS.
Menu path: Network > SCEP Client (NDES) > SCEP Server
Because of the need to enter a fingerprint (CA root certificate) and the Challenge password (SCEP server), the configuration process is somewhat complicated. Ideally, it should be set up in the UMS as a profile and distributed to the devices. For more information, see Universal Management Suite > IGEL UMS Web App > Configuration - Centralized Management of Device Settings in the IGEL UMS Web App > How to Create and Assign Profiles in the IGEL UMS Web App.
At the same time, the certificate cannot yet be used for communication purposes.
SCEP server URL
Address of the SCEP server.
Examples:
http://myserver.mydomain.com/certsrv/mscep/mscep.dll
(Windows Server 2019)http://myserver.mydomain.com/certsrv/mscep
(before Windows Server 2019)
Proxy server for SCEP requests
Proxy server in the format host:port
. If this field is empty, no proxy will be used.
Challenge password
Password for queries
Certificate renewal period (days)
Time interval before certificate expiry after which the certificate renewal procedure is started. (Default: 30)
Certificate expiry check interval (days)
Specifies how often the certificate is checked against its expiry date. (Default: 1)
As an example, a certificate is valid until 31.12. of a year. If the period for renewal is set to 10 days, a new certificate will be requested for the first time on 21.12. of the same year.