Management and Security powered by Landesk

Configure SCEP

Configure > Device Discovery > SCEP Configuration

Connecting to a SCEP server allows you to dynamically provision certificates. Each time a device is added, your SCEP server will automatically distribute a certificate to it. This effectively secures your corporate network and devices from random (non-SCEP) device enrollments and access. SCEP is used for securing iOS Wi-Fi payloads.

Use of this feature assumes that the following services are set up and fully configured:

Active Directory

Certificate Services, including Microsoft Network Device Enrollment Service (NDES). It is highly recommended that this server is running Windows Server 2012 R2 or newer.

The NDES server should be configured to allow more than 5 passwords per hour. We recommend allowing 20 passwords per hour, configured through a registry setting.

Network Policy Server (RADIUS)

EAP-based wireless infrastructure

In the LDMS console, configure Directory to connect to Active Directory; pass-through user authentication is not sufficient.

When connected to a SCEP server, Ivanti® Endpoint Manager and Endpoint Security, powered by Landesk, communicates with it through the CSA. The SCEP server should then make any certificate requests to a certificate authority, which then publishes the certificate to an access point. The certificate is then distributed on a device-by-device basis.

The credentials referenced here must be set up from the machine hosting your SCEP server. We do not document the process for accomplishing this.

The SCEP Configuration dialog has the following fields:

SCEP Server URL: The NDES server hostname or IP. Both HTTP and HTTPS are supported, though we recommend using HTTPS. Include only HTTPS followed by the hostname or IP; do not include a full path. Because only Microsoft NDES is supported, only the first part of the URL is needed.

Username: The username you created when installing NDES.

Password: The password for the NDES user.

Domain: The NDES user’s domain.

To ensure a proper connection with your SCEP server, click Verify. If verification succeeds, click Apply.

The Verify button is designed with a limited number of challenge IDs that it can submit in an hour to verify connections, so use it sparingly. To reset the password counter, restart IIS on the NDES server.
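The following PowerShell sketch is an added example, not part of the Ivanti documentation. It raises the NDES password limit to the 20 recommended above and restarts IIS. The registry location used is the one Microsoft documents for NDES (`PasswordMax` under the `MSCEP` key); this page does not name it, so confirm it against your NDES server before running.

```powershell
# Added example: raise the NDES password limit and restart IIS.
# Run in an elevated PowerShell session on the NDES server.

# Assumption: Microsoft's documented NDES registry location (not stated on this page).
$MscepRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
$KeyPath   = Join-Path $MscepRoot 'PasswordMax'
$ValueName = 'PasswordMax'
$Desired   = 20   # passwords per hour recommended on this page

# Stop early if the NDES role has not been configured on this machine.
if (-not (Test-Path $MscepRoot)) {
    throw "Registry key $MscepRoot not found. NDES does not appear to be configured here."
}

# Create the PasswordMax subkey if it is missing.
if (-not (Test-Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}

# Read the current limit; $null means the value is not set.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
Write-Output "Current PasswordMax: $(if ($null -eq $current) { 'not set' } else { $current })"

# Only raise the limit; never lower a value an administrator already increased.
if ($null -eq $current -or $current -lt $Desired) {
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Desired -Force | Out-Null
    Write-Output "PasswordMax set to $Desired."

    # NDES reads the setting at startup, and restarting IIS also resets
    # the password counter, as noted for the Verify button above.
    iisreset /restart
}
else {
    Write-Output "PasswordMax is already $current; no change made."
}
```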

