Skip to main content

Configure SCEP enrollment

The Simple Certificate Enrollment Protocol (SCEP) facilitates automated certificate issuance and management for IoT devices. This guide covers the necessary steps to configure SCEP in DigiCert​​®​​ IoT Trust Manager.

注意

IoT Trust Manager does not support the use of ECDSA keys for SCEP operations.

SCEP support in IoT Trust Manager

SCEP in IoT Trust Manager adheres to the specifications outlined in RFC 8894. Despite the final RFC being published in 2020, the implementation continues to support functionalities as defined in version 23 of the original draft, commonly used in the industry.

IoT Trust Manager supports the following SCEP specifications:

To successfully use SCEP enrollment in IoT Trust Manager, you must first ensure the proper configuration of your Certificate Authority (CA) infrastructure. This involves setting up both Root and Intermediate CAs with specific settings to support SCEP operations.

Additionally, configuration steps must be completed within IoT Trust Manager to enable SCEP for a specific enrollment profile.

  1. In the IoT Trust Manager menu, select Enrollment configuration > Enrollment profiles.

  2. Click the name of the enrollment profile being used for SCEP.

  3. On the Enrollment profile details page, scroll to the SCEP section.

  4. In the SCEP section, copy the Enroll/reenroll endpoint URL.

Now that you have the SCEP endpoint and authentication method (enrollment passcode or authentication certificate), you can use them to perform SCEP enrollment.

提示

Ready to test your SCEP enrollment process? Try DigiCert​​®​​ TrustEdge, a standalone executable that can run as both an agent for devices managed through DigiCert​​®​​ Device Trust Manager or as a standalone command line tool.