To configure Certificate Enrollment Gateway for SCEP enrollment, you must configure the SCEP enrollment settings in Certificate Enrollment Gateway. You can edit the SCEP enrollment settings using the Management Console interface.
To configure Certificate Enrollment Gateway for SCEP enrollment
- Log in into the Management Console as explained in Logging into the Management Console.
- In the Certificate Enrollment Gateway pane, click Manage Solution.
A Certificate Enrollment Gateway page appears. - In the left navigation bar, click Configuration.
A Product Configuration pane appears. - Turn on Enable Advanced Configuration.
- Click Next.
- For all SCEP-related protocols (SCEP, MDM-SCEP, and Intune-SCEP), Certificate Enrollment Gateway uses RA certificates to sign and encrypt SCEP PKI messages. For an on-premises CA, you must specify one or more profiles that are defined in CA Gateway used to issue RA certificates.
- Click the CAGW tab.
Configure the RA Certificate Profile IDs setting.
- Click the SCEP tab and configure the following settings.
- Configure any other settings if required.
- After configuring the settings, click Validate to validate the settings.
If any configuration errors are detected, correct the errors then click Validate again. - After validating the configuration settings, click Next.
Entrust PKI Hub uploads the configuration and any attached files, such as P12 credentials. - In the Product Deployment Status pane, re-deploy Certificate Enrollment Gateway with the updated configuration file by clicking Deploy.
A dialog box appears, prompting you to confirm the operation. Click Yes to confirm the operation and deploy the Certificate Enrollment Gateway solution.