Skip to main content

Create profiles

If you already have a profile with SCEP as the enrollment method, skip this step.

Make sure your profile has the following settings. Complete the rest of the profile wizard as desired.

  1. Go to Policies > Base templates and select Generic Device Certificate Template.

  2. For primary certificate options:

    1. Select the appropriate business unit and the issuing CA that has been enabled to decrypt and sign SCEP packets.

    2. Select SCEP as the enrollment method.

  3. For the certificate fields select a source of SCEP request for all fields. This will populate the values from the CSR submitted via the SCEP protocol.

  4. Alternatively, select the Global enrollment code options for your SCEP-enabled profile to allow unregistered devices register for a certificate.

    • Provide the enrollment code for the unregistered devices and proceed.

    Note

    Use this Global Enrollment Code with caution, since any SCEP client with access to the code can get a certificate automatically issued without prior registration.

  5. For Seat ID Mapping, select a field from the CSR that will be sent via SCEP and used to identify/authenticate the request. The value within the field must match the seat ID you created within DigiCert​​®​​ Trust Lifecycle Manager.

  6. Save the SCEP server URL somewhere you can access it later.