Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.19
  3. Managing secure connections
  4. Using PKI certificates with devices or apps
  5. Sending certificates to devices and apps using profiles
  6. Sending client certificates to devices and apps using SCEP
  7. Windows 10: SCEP profile settings

Windows 10
: SCEP profile settings

Windows 10
: SCEP profile setting
Description
User certificate store
This setting specifies whether the certificate is stored in the user certificates location on the device.
Subject
This setting specifies the subject for the certificate, if required for your organization's SCEP configuration. Type the subject in the format "/CN=
<common_name>
/O=
<domain_name>
" If the profile is for multiple users, you can use a variable, for example: %UserDistinguishedName%.
SAN type
This setting specifies the subject alternative name type for the certificate, if it is required.
SAN value
This setting specifies the alternative representation of the certificate subject. The value must be an email address, the DNS name of the CA server, or the fully qualified URL of the server.
The appropriate value for this setting depends on the value selected for the "SAN type" setting.
Retries
This setting specifies how many times to retry connecting to the SCEP service if the connection attempt fails.
Retry delay
This setting specifies the time in seconds to wait before retrying to connect to the SCEP service.
Key size
This setting specifies the key size for the certificate.
Key usage
This setting specifies the cryptographic operations that can be performed using the public key that is contained in the certificate.
Extended key usage
This setting specifies the purpose of the key that is contained in the certificate.
SCEP key storage
This setting specifies the storage location for the private key.
Hash function
This setting specifies the hash function that a
Windows 10
 device uses for the certificate enrollment request.
Certificate thumbprint
This setting specifies the hexadecimal-encoded hash of the root certificate for the CA. You can use the following algorithms to specify the thumbprint: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
Automatic renewal
This setting specifies how many days before a certificate expires that automatic certificate renewal occurs.
The maximum value is 365 days.