
Certificate Enrollment and Renewal with SCEP (NDES)

SCEP is a protocol for certificate management that supports the secure issuance of certificates to network devices.

Requirements

Microsoft patch KB5014754 introduces strong certificate mapping requirements for Kerberos authentication. While this patch does not affect the issuance of certificates through SCEP/NDES, certificates issued without strong mapping attributes cannot be used for authentication to domain controllers. This primarily affects configurations where certificates are used for Kerberos authentication.
Currently, there is no official workaround or patch from Microsoft.

  • SCEP server
    The following SCEP server implementations can be used with IGEL OS:

    • Windows 2008 Server with the Network Device Enrollment Service (NDES) role

    • Windows 2012 Server

    • Windows 2016 Server

    For information on how to deploy NDES, see the Microsoft documentation.

  • Connection between the SCEP server and the certification authority (CA).

This document explains the enrollment of certificates with SCEP.


