Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

SCEP support in Certificate Manager

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Dec 11, 2023 by Ylva AnderssonVersion comment
2 min read

This article is valid for Certificate Manager 8.5 and later.

This article describes the support for the Simple Certificate Enrollment Protocol (SCEP) in Smart ID Certificate Manager via Protocol GatewaySimple Certificate Enrollment Protocol is a protocol for handling certificates for large-scale implementation to everyday users. 

The Certificate Manager SCEP service is used to enroll end-entity certificates on request from hardware components, such as routers and firewalls. The SCEP service is compliant with the Internet Draft draft-nourse-scep-23. For more information, see Internet draft - Simple Certificate Enrollment Protocol

Protocol Gateway provides security by supporting the SCEP security features, the device registration procedure and a unique feature to verify signed SCEP requests, useful when using device management solutions. For more details on the SCEP implementation, see Notes on SCEP implementation in Certificate Manager.

Example configuration

For more information, see Example: SCEP configuration in Protocol Gateway

SCEP Intune support

Certificate Manager can be used as a third-party CA with Microsoft Intune to issue and validate certificates using Simple Certificate Enrollment Protocol (SCEP). Certificate Manager supports SCEP Intune with Microsoft Azure for all SCEP Intune certified devices. For more information, see Example: SCEP Intune configuration in Protocol Gateway

For each configured Intune handler, a revocation polling thread is started that periodically attempts to retrieve revocation data from Intune, if available. Click here for a list describing what type of actions that causes SCEP-issued certificates to be revoked: https://docs.microsoft.com/en-us/mem/intune/protect/remove-certificates.

SCEP NDES support

Certificate Manager supports SCEP with static and dynamic challenge passwords. SCEP with dynamic challenge passwords is complying to Microsoft's Network Device Enrollment Service (NDES) implementation.









SCEP support in Protocol Gateway
SCEP support in Protocol Gateway

Request certificate via SCEP and Protocol Gateway

Related information



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions