Menu path: Setup > Network > SCEP Client (NDES) > SCEP
Here, you can give information regarding the SCEP server used.
Because of the need to enter a fingerprint (CA root certificate) and the Challenge password (SCEP server), the configuration process is somewhat complicated. Ideally, it should be set up in the UMS as a profile and distributed to the devices. At the same time, the certificate cannot yet be used for communication purposes.
SCEP server URL: Address of the SCEP server. Examples: http://myserver.mydomain.com/certsrv/mscep/mscep.dll (Windows Server 2019); http://myserver.mydomain.com/certsrv/mscep (before Windows Server 2019)
Proxy server for SCEP requests: Proxy server in the format host:port
. If this field is empty, no proxy will be used.
Challenge password: Password for queries.
Certificate renewal period (days): Time interval before certificate expiry after which the certificate renewal procedure is started. (Default: 30)
Certificate expiry check interval (days): Specifies how often the certificate is checked against its expiry date. (Default: 1)
As an example, a certificate is valid until 31.12. of a year. If the period for renewal is set to 10 days, a new certificate will be requested for the first time on 21.12. of the same year.
For more information, see the how-to Providing the SCEP Server Data. See also Configuration of the SCEP Client.