During the MDM configuration, a certificate authority that uses the Simple Certificate Enrollment Protocol (SCEP) was established. This ensures that certificates for those mobile devices managed with Mobile Device Management are requested and issued automatically. You can use these self-generated certificates for a proof of concept.
Use self-generated certificates
Use self-generated certificates
If you want to use this self-generated certificates, then you don’t need to make any further changes to the settings in the Administration Portal.
These correspond to the default settings under: Administration→ Settings→ MDM→ Configure→ SCEP Server→ Use self created certificates (arrow in illus.).
Use SCEP server
However, for a production environment, we recommend using a separate SCEP server.
- In the administration portal select: Administration→ Settings→ MDM→ Configure→ SCEP Server→ Use SCEP server.
- SCEP server URL: Enter here the URL for mscep.dll in the newly installed SCEP server: http:// SCEP_server_address / certsrv / mscep / mscep.dll (example for Microsoft SCEP server: http:// 192.168.149.51 / certsrv / mscep / mscep.dll)
- SCEP server challenge URL: Enter here the URL, from which the challenge password will be read: http://< SCEP_server_address>/certsrv/mscep_admin (example: http://192.168.149.51/certsrv/mscep_admin)
- SCEP server challenge pattern: This is the search pattern for reading the challenge password. With Windows SCEP servers keep the default value.
- SCEP issuer thumbprint: This is the SCEP server’s CA certificate thumbprint – necessary for Android MDM.
- Confirm with OK.