Document toolboxDocument toolbox

SCEP Server in IGEL OS 12

This article describes the settings required for a SCEP server in IGEL OS.


Menu path: Network > SCEP Client (NDES) > SCEP Server

 

Because of the need to enter a fingerprint (CA root certificate) and the Challenge password (SCEP server), the configuration process is somewhat complicated. Ideally, it should be set up in the UMS as a profile and distributed to the devices. For more information, see Universal Management Suite > IGEL UMS Web App > Configuration - Centralized Management of Device Settings in the IGEL UMS Web App > How to Create and Assign Profiles in the IGEL UMS Web App.
At the same time, the certificate cannot yet be used for communication purposes.

 

SCEP server URL

Address of the SCEP server.
Examples:

  • http://myserver.mydomain.com/certsrv/mscep/mscep.dll (Windows Server 2019)

  • http://myserver.mydomain.com/certsrv/mscep (before Windows Server 2019)

 

Proxy server for SCEP requests

Proxy server in the format host:port. If this field is empty, no proxy will be used.

Challenge password

Password for queries

 

Certificate renewal period (days)

Time interval before certificate expiry after which the certificate renewal procedure is started. (Default: 30)

 

Certificate expiry check interval (days)

Specifies how often the certificate is checked against its expiry date. (Default: 1)

As an example, a certificate is valid until 31.12. of a year. If the period for renewal is set to 10 days, a new certificate will be requested for the first time on 21.12. of the same year.