Menu path: Setup > Network > SCEP Client (NDES) > SCEP
In addition to a certification authority, an SCEP server must also be defined.
Enter the address and query password for the SCEP server here.
The SCEP server generates the password as a one-time password. It is needed when a certificate is requested for the first time. New certificates will be requested before the old ones expire. In this case, the still-valid certificate will serve as a means of authentication.
For the purpose of checking validity, define an interval (checking frequency) and a period of time in which certificate renewal must occur.
Example:
A certificate is valid until 31.12 in any one year. The period for renewal is 10 days. This means that a new certificate will first be requested on 21.12 of the same year.
Because of the need to enter a fingerprint (root certificate of the certification authority) and the query password (SCEP server), the configuration process is somewhat awkward. Ideally, it should be set up in the UMS as a profile and distributed to the clients. At the same time, the certificate still cannot be used for communication purposes.
