SCEP Profile

SCEP Profile specifies the configurations of the SCEP server behaviour. It holds the configuration listed below:

Configuration	Purpose	Default Value	Mandatory
Name	`SCEP Profile` Name		Yes
Description	Description of the `SCEP Profile`		No
Challenge Password	Challenge Password to authorize certificate request		No
Renewal Threshold	Number of days before the certificate expiration date to allow renewal request	`Half-time of the validity period of the Certificate`	No
Include CA Certificate	Include certificate of the issuer in the certificate response	`false`	No
Include CA Certificate Chain	Include complete chain in the certificate response	`false`	No
Enable Intune	Enable Microsoft Intune integration for certificate request validation	`false`	No
Intune Tenant	Microsoft Intune Tenant to be used for request Validation		No
Intune Application ID	ID of the Microsoft Intune Application		No
Intune Application Key	Secret to authenticate with the Intune application		No
CA Certificate	Certificate to be used as SCEP CA certificate (for decryption and signing)		Yes

`SCEP Profile` certificate requirements

The certificate to be used for the SCEP Profile should meet the following criteria

Certificate should have associated private key managed by the platform
The key algorithm should be one of the supported RSA or ECDSA
The key pair should have appropriate key set enabled (for encryption and signing)

Microsoft Intune certificate requirements

For Microsoft Intune validation, there may be additional requirements for the certificate. See the Intune Integration Guide for more information.

The following operations can be performed on the SCEP Profile:

Operation	Description
Create	Create a new `SCEP Profile`. New `SCEP Profile` is disabled by default
Update	Update configuration of already existing `SCEP Profile`
Delete	Delete existing `SCEP Profile`
Disable	Disable existing `SCEP Profile`. All request to disabled `SCEP Profile` will be rejected
Enable	Enable existing `SCEP Profile`