Adding SCEP endpoints

Add a SCEP endpoint

  1. Navigate to Enrollment > SCEP.

  2. Click the Add icon.

  3. In the Create Enrollment Endpoint dialog, provide a name to help identify the endpoint.

  4. Select the type of certificate to be issued through the endpoint.

  5. Click Next.

  6. Complete the Details tab based on the information provided in the following table.

    Field Description

    URI Extension

    The URI extension used to create a unique URL for the endpoint that SCEP clients will use to connect to the SCM SCEP server.


    The organization to which the endpoint belongs.

    The organization cannot be changed once the endpoint is created.

    This is available only for Intune SCEP endpoints.


    The department to which the endpoint belongs.

    The department cannot be changed once the endpoint is created.

    This is available only for Intune SCEP endpoints.


    The certificate profile used when enrolling certificates through the endpoint.

    This is available only for Intune SCEP endpoints.


    The validity period of certificates issued through the endpoint.

    This is available only for Intune SCEP endpoints.

  7. Complete the Configuration tab based on the information provided in the following table.

    Field Description

    SCEP RA Certificate

    The SCEP RA certificate used to sign SCEP responses. This RA certificate must be provided during the configuration of the SCEP client.

    SCEP RA certificates are created by Sectigo. For more information, contact your Sectigo account manager.

    GetCACert Response Format

    The format of the response to the GetCACert request.

    • Single PEM — The certificate is returned in .pem format.

    • Chain in CMS — The certificate and any intermediate certificates are returned in .cms format.

    GetCert Response Format

    The format of the response to the GetCert request.

    • Single Certificate — Only the certificate is returned.

    • Full Chain — The certificate, any intermediate certificates, and the root certificate are returned.

    Azure Account

    The SCM Azure account used to authenticate the endpoint.

    This is available only for Intune SCEP endpoints.

  8. Click Save.
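
The GetCACert Response Format chosen in step 7 determines what a SCEP client has to parse. The following is an added example, not Sectigo code: it classifies a GetCACert response body as a single PEM certificate or a CMS chain and returns SHA-256 fingerprints that can be compared with certificates obtained out of band. Assumptions: the CMS response is a certs-only SignedData structure, a bare DER certificate is also accepted (beyond the two options in the table), and all function names and sample bytes are constructed for illustration.

```python
import base64, hashlib, re

OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

def elements(buf):
    """Split DER bytes into consecutive (tag, value, raw_encoding) triples."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated DER")
        tag, length, start = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length, start = int.from_bytes(buf[start:start + n], "big"), start + n
        if start + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[start:start + length], buf[pos:start + length]))
        pos = start + length
    return out

def parse_getcacert(body):
    """Return (format, [certificate DER, ...]) for a GetCACert response body."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", body, re.S)
    outer = elements(base64.b64decode(m.group(2)) if m else body)
    if not outer or outer[0][0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    top = elements(outer[0][1])
    if len(top) > 1 and top[0][2] == OID_SIGNED_DATA:  # assumed certs-only CMS
        fields = elements(elements(top[1][1])[0][1])   # [0] -> SignedData fields
        return "cms-chain", [raw for t, v, _ in fields if t == 0xA0
                             for _, _, raw in elements(v)]
    return ("single-pem" if m else "single-der"), [outer[0][2]]

def fingerprints(body):
    fmt, certs = parse_getcacert(body)
    return fmt, [hashlib.sha256(c).hexdigest() for c in certs]

# Constructed samples: structurally minimal DER, not real certificates.
def tlv(tag, content=b""):
    return bytes([tag, len(content)]) + content  # short-form lengths only
def fake_cert(serial):
    return tlv(0x30, tlv(0x30, tlv(0x02, bytes([serial]))) + tlv(0x30) + tlv(0x03, b"\x00"))

CA, INTERMEDIATE = fake_cert(1), fake_cert(2)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(CA)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_CMS = tlv(0x30, OID_SIGNED_DATA + tlv(0xA0, tlv(0x30,
    tlv(0x02, b"\x01") + tlv(0x31) + tlv(0x30, bytes.fromhex("06092a864886f70d010701"))
    + tlv(0xA0, CA + INTERMEDIATE) + tlv(0x31))))
```

Calling `fingerprints()` on a saved response body returns the detected format and one fingerprint per certificate, in the order the endpoint sent them.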

Add an account to a SCEP endpoint

Accounts can be added only to regular SCEP endpoints. Intune SCEP endpoints are connected directly to an SCM Azure account during configuration.

  1. Navigate to Enrollment > SCEP.

  2. Select the SCEP endpoint you want to add an account to, and click Accounts.

  3. Click the Add icon.

  4. Complete the Create SCEP account dialog based on the information provided in the following table.

    Field Description


    The name of the account.


    The organization to which the account belongs.

    The organization cannot be changed once the account is created.


    The department to which the account belongs.

    The department cannot be changed once the account is created.


    The certificate profile used when enrolling certificates through the account.


    The validity period of certificates issued through this account.

    Access Code

    The access code used to authenticate to the account.

  5. Click Save.