Menu path: Setup > Network > SCEP Client (NDES) > Certificate

Here, you can specify the basic data for the certificate to be issued by the certification body.

Type of CommonName/SubjectAltName: The characteristic for linking the certificate to the device.

  • IP address: The IP address of the device.
  • DNS name: The DNS name of the device.
  • IP address (auto): The IP address of the device (inserted automatically).
  • DNS name (auto): The DNS name of the device (inserted automatically).
  • Email address: An email address.
  • DNS name as UPN (auto)

If the client automatically obtains its network name, DNS Name (auto) is a good type for the client certificate.


The following parameter is available if Type of CommonName/SubjectAltName is set to IP address, DNS name, or Email address:

CommonName/SubjectAltName: Give a designation which matches the Type of CommonName/SubjectAltName. For certain types, this occurs automatically. No entry is then required.

The following parameter is available if Type of CommonName/SubjectAltName is set to IP address (auto), DNS name (auto), or DNS name as UPN (auto):

CommonName/SubjectAltName Suffix: Specifies a suffix that will be added to CommonName/SubjectAltName.
Possible values:

  • "none": No suffix will be added.
  • "dot + DNS domain (auto)": The system's current DNS domain name separated with a dot will be added. Example: .igel.local

  • Free text entry: The manually entered suffix will be added. Take notice that the percent symbol "%" is used for introducing the escape sequence, and thus the following replacements take place automatically:

    • %D is replaced by the system's DNS domain name at the time the certificate signing request (CSR) is created. Example: @%D will be changed into @igel.de if the system's current DNS domain name is igel.de.
    • %% will be replaced by %. Example: A%%B will be changed into A%B.
    • Other combinations with % are currently discarded. Example: A%BC will be changed into AC.

  • If you have to specify the suffix manually, make sure you enter the separator.

Organizational unit: Stipulated by the certification authority.

Organization: A freely definable designation for the organization to which the client belongs.

Locality: Details regarding the device’s locality. Example: "Augsburg".

State: Details regarding the device’s locality. Example: "Bayern".

Country: Two-digit ISO 3166-1 country code. Example: "DE".

RSA key length (bits): Select a key length (one suited to the certification authority) for the certificate that is to be issued.
Possible values:

  • "1024"
  • "2048"
  • "4096"