SCEP Profile
SCEP Profile specifies the configurations of the SCEP server behaviour. It holds the configuration listed below:
| Configuration | Purpose | Default Value | Mandatory |
|---|---|---|---|
| Name | SCEP Profile Name | Yes | |
| Description | Description of the SCEP Profile | No | |
| Challenge Password | Challenge Password to authorize certificate request | No | |
| Renewal Threshold | Number of days before the certificate expiration date to allow renewal request | Half-time of the validity period of the Certificate | No |
| Include CA Certificate | Include certificate of the issuer in the certificate response | false | No |
| Include CA Certificate Chain | Include complete chain in the certificate response | false | No |
| Enable Intune | Enable Microsoft Intune integration for certificate request validation | false | No |
| Intune Tenant | Microsoft Intune Tenant to be used for request Validation | No | |
| Intune Application ID | ID of the Microsoft Intune Application | No | |
| Intune Application Key | Secret to authenticate with the Intune application | No | |
| CA Certificate | Certificate to be used as SCEP CA certificate (for decryption and signing) | Yes | |
| RA Profile | RA Profile that will be set as default for the SCEP Profile | No |
SCEP Profile certificate requirements
The certificate to be used for the SCEP Profile should meet the following criteria
- Certificate should have associated private key managed by the platform
- The key algorithm should be one of the supported
RSAorECDSA - The key pair should have appropriate key set enabled (for encryption and signing)
Microsoft Intune certificate requirements
For Microsoft Intune validation, there may be additional requirements for the certificate. See the Intune Integration Guide for more information.
Attributes for certificate management
If a default RA Profile is selected then Attributes to issue and revoke certificates must be configured, if needed.
Certificate operations
Certificate management Attributes for SCEP Profile are used during issuing process of the certificate and cannot be changed by the SCEP client.
Operations on SCEP Profile
The following operations can be performed on the SCEP Profile:
| Operation | Description |
|---|---|
| Create | Create a new SCEP Profile. New SCEP Profile is disabled by default |
| Update | Update configuration of already existing SCEP Profile |
| Delete | Delete existing SCEP Profile |
| Disable | Disable existing SCEP Profile. All request to disabled SCEP Profile will be rejected |
| Enable | Enable existing SCEP Profile |