Enrolling certificates with SCEP

Last Updated : Apr 30, 2021

About this task

If your CA supports Simple Certificate Enrollment Protocol (SCEP), you can enroll certificates automatically. You must specify the SCEP server details of your CA when generating a CSR.

Procedure

  1. On the AE Services management console main menu, go to Security > Certificate Management > Server Certificates.
  2. On the Server Certificates page, click Add.
  3. On the Add Server Certificate page, in Certificate Alias, select the required alias for the certificate.
  4. Leave the Create Self-Signed Certificate check box cleared.
  5. In Enrollment Method, select Automatic.
  6. In Encryption Algorithm, select the required encryption algorithm.

    The default value is 3DES.

  7. In Password, type a password for the certificate key.
  8. In Re-enter Password, retype the new password.
  9. In Key Size, select the key size value.

    The default value is 2048.

  10. In Certificate Validity, specify the number of days before a certificate expires.

    The default value is 1825.

  11. In Distinguished Name (DN), type the LDAP entries required by your CA.
  12. In Challenge Password, type a certificate key challenge password.
  13. In Re-enter Challenge Password, retype the new challenge password.
  14. In SAN IP Address, type the IP address of the SAN parameter.
  15. In SAN DNS Name, type the IP address or hostname of the SAN parameter.
  16. In Key Usage, select the setting required for your certificate.
  17. In Extended Key Usage, select the setting required for your certificate.
  18. In SCEP Server URL, specify the CA URL.

    For example, http://ca.example.com/certsrv/mscep/mscep.dll.

  19. In CA Certificate Alias, type the name used to identify the CA certificate.
  20. In CA Identifier, type the CA identifier.
  21. Click Apply.

    AE Services displays the pending CSR on the Pending Server Certificate Requests page.
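
Before you enter the SCEP Server URL in step 18, you can check what the SCEP server advertises by reviewing its GetCACaps reply (RFC 8894). The following is an added example, not part of the original procedure and not Avaya code. The function names are hypothetical and the sample reply is constructed.

```python
# Added example (not Avaya code): offline review of a SCEP GetCACaps reply.
from urllib.parse import urlsplit, urlunsplit
from urllib.request import urlopen

# Capability keywords defined for GetCACaps in RFC 8894.
KNOWN_CAPS = {"AES", "DES3", "GetNextCACert", "POSTPKIOperation",
              "Renewal", "SHA-1", "SHA-256", "SHA-512", "SCEPStandard"}

# Constructed sample reply from a CA that advertises only legacy algorithms.
SAMPLE_REPLY = "POSTPKIOperation\r\nSHA-1\r\nDES3\r\nRenewal\r\n"


def caps_url(scep_server_url):
    """Turn the SCEP Server URL (step 18) into its GetCACaps request URL."""
    parts = urlsplit(scep_server_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("SCEP Server URL must be an absolute http(s) URL")
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       "operation=GetCACaps", ""))


def parse_caps(body):
    """Split the plain-text reply (one keyword per line, CRLF or LF) and
    drop blank lines and any keyword not in KNOWN_CAPS."""
    return {line.strip() for line in body.splitlines()} & KNOWN_CAPS


def review_caps(caps):
    """Return findings to resolve with the CA operator before enrolling."""
    if "SCEPStandard" in caps:
        # RFC 8894: SCEPStandard implies AES, POSTPKIOperation and SHA-256.
        caps = caps | {"AES", "POSTPKIOperation", "SHA-256"}
    findings = []
    if not caps & {"SHA-256", "SHA-512"}:
        findings.append("no SHA-2 digest (SHA-256/SHA-512) advertised")
    if "AES" not in caps:
        findings.append("AES not advertised for SCEP message encryption")
    if "POSTPKIOperation" not in caps:
        findings.append("POSTPKIOperation not advertised")
    return findings


def fetch_caps(scep_server_url, timeout=10):
    """Query a live SCEP server; not called by the offline demo below."""
    with urlopen(caps_url(scep_server_url), timeout=timeout) as resp:
        return parse_caps(resp.read().decode("ascii", "replace"))


if __name__ == "__main__":
    print(caps_url("http://ca.example.com/certsrv/mscep/mscep.dll"))
    for finding in review_caps(parse_caps(SAMPLE_REPLY)):
        print("review:", finding)
```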