Microsoft Intune must be configured to use one of the following URLs to communicate with Certificate Enrollment Gateway:
The following Intune-SCEP enrollment URL requires the trailing forward slash (/). To support macOS (Apple) devices, the URL must start with http instead of https.
http://<CEG-server>/scep/<tenant-ID>/<CA-ID>/<profile-ID>/intune/
https://<CEG-server>/scep/<tenant-ID>/<CA-ID>/<profile-ID>/intune/
Where:
<CEG-server> is the hostname or IP address of the Certificate Enrollment Gateway server.
<tenant-ID> is the unique identifier of a tenant defined in Certificate Enrollment Gateway. The value is case-sensitive.
<CA-ID> is the CA ID of the Certificate Authority (CA) defined in CA Gateway that will issue certificates to the SCEP client.
<profile-ID> is the profile ID defined in CA Gateway that defines the certificate type issued to the SCEP client. For Entrust PKI as a Service, the profile ID is one of the following:
- intune-digital-signature-key-encipherment
- intune-digital-signature
- intune-key-encipherment
- intune-non-repudiation
For example:
http://cegserver.example.com/scep/tenant1/example_ca1/intune-digital-signature-key-encipherment/intune/
https://cegserver.example.com/scep/tenant1/example_ca1/intune-digital-signature-key-encipherment/intune/
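
A pre-deployment check of a configured URL against the rules above, as an added example that is not part of the product documentation. The function name and its macos and pkiaas switches are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Profile IDs this page lists for Entrust PKI as a Service.
PKIAAS_PROFILE_IDS = {
    "intune-digital-signature-key-encipherment",
    "intune-digital-signature",
    "intune-key-encipherment",
    "intune-non-repudiation",
}

def check_intune_scep_url(url, macos=False, pkiaas=False):
    """Return a list of problems; an empty list means the URL has the documented shape.

    macos and pkiaas are hypothetical switches for this example: whether macOS
    devices will enroll, and whether the CA is Entrust PKI as a Service.
    """
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    elif macos and parts.scheme != "http":
        problems.append("macOS devices require the URL to start with http")
    if not parts.hostname:
        problems.append("missing <CEG-server> host")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    if not parts.path.endswith("/"):
        problems.append("trailing forward slash is required")
    segments = parts.path.strip("/").split("/")
    if len(segments) != 5 or segments[0] != "scep" or segments[4] != "intune":
        problems.append("path must be /scep/<tenant-ID>/<CA-ID>/<profile-ID>/intune/")
        return problems
    tenant_id, ca_id, profile_id = segments[1:4]
    for name, value in (("tenant-ID", tenant_id), ("CA-ID", ca_id), ("profile-ID", profile_id)):
        if not value or value.startswith("<"):
            problems.append(f"<{name}> is empty or still a placeholder")
    if pkiaas and profile_id not in PKIAAS_PROFILE_IDS:
        problems.append(f"profile ID {profile_id!r} is not one of the PKIaaS Intune profiles")
    return problems

if __name__ == "__main__":
    # Constructed sample: the page's https example checked for a macOS deployment.
    sample = ("https://cegserver.example.com/scep/tenant1/example_ca1/"
              "intune-digital-signature-key-encipherment/intune/")
    print(check_intune_scep_url(sample, macos=True, pkiaas=True))
```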