Create a SCEP profile
The required profile settings vary for each device type and depend on the SCEP service configuration in your organization's environment.
If you want to use a SCEP profile to distribute
OpenTrustclient certificates to devices, you must apply a hotfix to your
OpenTrustsoftware. For more information, contact your
OpenTrustsupport representative and reference support case SUPPORT-798.
- On the menu bar, clickPolicies and Profiles.
- ClickCertificates > SCEP.
- Click .
- Type a name and description for the profile. Each certificate profile must have a unique name.
- In theURLfield, type the URL for the SCEP service. The URL should include the protocol, FQDN, port number, and SCEP path.
- In theInstance namefield, type the instance name for the CA.
- In theCertification authority connectiondrop-down list, perform one of the following actions:
- To use anEntrustconnection that you configured, click the appropriate connection. In theProfiledrop-down list, click a profile. Specify the values for the profile.
- To use anOpenTrustconnection that you configured, click the appropriate connection. In theProfiledrop-down list, click a profile. Specify the values for the profile.
- The following settings in the SCEP profile do not apply toOpenTrustclient certificates: Key usage, Extended key usage, Subject, and SAN.
- To use another CA, clickGeneric. In theSCEP challenge typedrop-down list, selectStaticorDynamicand specify the required settings for the challenge type.ForWindowsdevices, only static passwords are supported.
- Optionally, clear the check box for any device type that you do not want to configure the profile for.
- For each device type that you want to configure in your organization, perform the following actions:
- Click the tab for a device type.
- Configure the appropriate values for each profile setting to match the SCEP service configuration in your organization's environment.
If devices use the client certificate to authenticate with a work
Wi-Finetwork, work VPN, or work mail server, associate the SCEP profile with a
Wi-Fi, VPN, or email profile.