
Create certificate profiles for SCEP

If you already have a certificate profile with SCEP as the enrollment method, you can skip this step.

Make sure your profile has the following settings. Complete the rest of the profile wizard as desired.

  1. From the Trust Lifecycle Manager menu, go to Policies > Base templates.

  2. Select Create profile from template.

  3. Select the Generic Device Certificate base template to create the profile from.

    Work through the profile configuration wizard as described in the following steps.

  4. For the Primary options:

    1. Select the appropriate business unit and the issuing CA that has been enabled to decrypt and sign SCEP packets.

    2. Select SCEP as the enrollment method.

    3. For the authentication method, select and configure the options for Dynamic enrollment codes.

      Alternatively, select the Global enrollment code options for your SCEP-enabled profile to allow unregistered devices to register for a certificate. Provide the enrollment code for the unregistered devices and proceed.

      Warning

      Use Global enrollment codes with caution, since any SCEP client with access to the code can get a certificate automatically issued without prior registration.

  5. For the certificate fields, select SCEP request as the source for all fields. This populates the values from the CSR submitted via the SCEP protocol.

  6. For Seat ID Mapping, select a field from the CSR that will be sent via SCEP and used to identify/authenticate the request. The value within the field must match the seat ID you created within Trust Lifecycle Manager.

  7. Select Create on the final wizard screen to save the new profile.

  8. Copy and save the SCEP server URL for the profile somewhere you can access it later.
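
A client-side pre-flight check for the Seat ID Mapping step, added here as an example and not taken from the product documentation: it builds a CSR and confirms that the mapped field equals the seat ID before the request is sent over SCEP. It assumes the profile maps the CSR Common Name to the seat ID and that the enrollment code travels in the CSR's `challengePassword` attribute (the usual SCEP mechanism); the function names, `device-001` and `SAMPLE-CODE-123` are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a device CSR and check it against the expected seat ID.

# make_csr DIR SEAT_ID ENROLL_CODE -> writes DIR/device.key and DIR/device.csr
# (the code must not contain characters special to the OpenSSL config syntax)
make_csr() {
    dir=$1 seat_id=$2 code=$3
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
attributes = attrs
[dn]
CN = $seat_id
[attrs]
challengePassword = $code
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -keyout "$dir/device.key" -out "$dir/device.csr" 2>/dev/null
}

# csr_cn FILE -> prints the Common Name from the CSR subject
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# check_csr FILE SEAT_ID -> prints "ok" and returns 0 only if the CSR is
# self-consistent, its CN equals the seat ID, and a challengePassword is present
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "bad signature"; return 1; }
    [ "$(csr_cn "$1")" = "$2" ] ||
        { echo "seat ID mismatch"; return 1; }
    openssl req -in "$1" -noout -text 2>/dev/null | grep -q 'challengePassword' ||
        { echo "no challengePassword"; return 1; }
    echo ok
}

# Demo with constructed values
tmp=$(mktemp -d)
make_csr "$tmp" "device-001" "SAMPLE-CODE-123"
check_csr "$tmp/device.csr" "device-001"
rm -rf "$tmp"
```

A seat ID mismatch caught here would otherwise surface only as a rejected enrollment on the server side.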