Understanding SCEP endpoints

SCM supports the enrollment and management of client and device certificates through the Simple Certificate Enrollment Protocol (SCEP). SCEP is commonly used for certificate enrollment in Mobile Device Management (MDM) systems, such as Microsoft Intune, and in networking hardware.

Access to SCEP endpoints is granted differently depending on the type of endpoint:

  • SCEP — Access is granted through accounts specifically created for each endpoint. These accounts are associated with specific organizations and departments in SCM.

  • Intune SCEP — Access is managed by connecting the Intune SCEP endpoint to an SCM Azure account during configuration.

For more information on SCEP, see "What Is SCEP?" or RFC 8894.

SCEP enrollment endpoints can be managed on the SCEP page.

SCEP page

The following table describes the controls on the SCEP page.

Column Description

Name

The name of the SCEP enrollment endpoint.

URL

The URL used to access the enrollment endpoint.

Type

The type of certificate available through the enrollment endpoint.

The possible values are:

  • Client certificate SCEP

  • Device certificate SCEP

  • Client certificate Intune SCEP

  • Device certificate Intune SCEP

Delegation Mode

The delegation mode of the SCEP enrollment endpoint.

The possible values are:

  • General — The enrollment endpoint is available for all organizations and departments.

  • Customized — The enrollment endpoint is available only for the selected organizations and departments.

Table controls

Filter

Enables you to sort the table information using custom filters.

Group

Enables you to sort the table information using predefined groups.

Refresh

Refreshes the information presented in the table.

Admin controls

Add

Opens the Create Enrollment Endpoint dialog where you can add a new SCEP endpoint.

SCEP RA Certificates

Opens the SCEP RA Certificates dialog where you can view and download the SCEP RA certificates.

SCEP RA certificates are configured by Sectigo. For more information, contact your Sectigo account manager.

Delete

Removes the selected SCEP endpoint.

Edit

Opens the Edit Enrollment Endpoint dialog where you can manage an existing SCEP endpoint.

Delegate

Opens the Delegate Enrollment Endpoint dialog where you can manage which organizations and departments the SCEP endpoint is delegated to.

Accounts

Opens the Web Form Accounts dialog where you can manage the accounts that can access the SCEP endpoint.

View Audit

Opens the Enrollment Endpoint Audit dialog where you can view or download audit logs.