Skip Navigation

Windows 10
: SCEP profile settings

Windows 10
: SCEP profile setting
User certificate store
This setting specifies whether the certificate is stored in the user certificates location on the device.
This setting specifies the subject for the certificate, if required for your organization's SCEP configuration. Type the subject in the format "/CN=
" If the profile is for multiple users, you can use a variable, for example: %UserDistinguishedName%.
SAN type
This setting specifies the subject alternative name type for the certificate, if it is required.
SAN value
This setting specifies the alternative representation of the certificate subject. The value must be an email address, the DNS name of the CA server, or the fully qualified URL of the server.
The appropriate value for this setting depends on the value selected for the "SAN type" setting.
This setting specifies how many times to retry connecting to the SCEP service if the connection attempt fails.
Retry delay
This setting specifies the time in seconds to wait before retrying to connect to the SCEP service.
Key size
This setting specifies the key size for the certificate.
Key usage
This setting specifies the cryptographic operations that can be performed using the public key that is contained in the certificate.
Extended key usage
This setting specifies the purpose of the key that is contained in the certificate.
SCEP key storage
This setting specifies the storage location for the private key.
Hash function
This setting specifies the hash function that a
Windows 10
device uses for the certificate enrollment request.
Certificate thumbprint
This setting specifies the hexadecimal-encoded hash of the root certificate for the CA. You can use the following algorithms to specify the thumbprint: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
Automatic renewal
This setting specifies how many days before a certificate expires that automatic certificate renewal occurs.
The maximum value is 365 days.