{"id":2774,"date":"2024-03-28T05:16:01","date_gmt":"2024-03-28T04:16:01","guid":{"rendered":"https:\/\/kb.apptec360.com\/manual\/?post_type=knowledgebase&#038;p=2774"},"modified":"2024-05-06T06:43:21","modified_gmt":"2024-05-06T04:43:21","slug":"scep","status":"publish","type":"knowledgebase","link":"https:\/\/kb.apptec360.com\/manual\/knowledgebase\/configuration-windows-10-pc\/general\/security-management\/certificate-management\/scep\/","title":{"rendered":"SCEP"},"content":{"rendered":"\n<table id=\"tablepress-314\" class=\"tablepress tablepress-id-314\">\n<tbody class=\"row-hover\">\n<tr class=\"row-1 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Description<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>SCEP Server description<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-2 even\">\n\t<td class=\"column-1\"><br>\n        <p>Deployment Scope<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Certificate deployment scope: Current Device vs User<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-3 odd\">\n\t<td class=\"column-1\"><br>\n        <p>SCEP Server URLs<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>One or more servers that issue certificates through SCEP<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-4 even\">\n\t<td class=\"column-1\"><br>\n        <p>Subject<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Representation of an X.500 name. E.g. 
&#8220;C=US, O=Microsoft Corporation, CN=foo, 1.2.5.3=bar&#8221;<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-5 odd\">\n\t<td rowspan=\"4\" class=\"column-1\"><br>\n        <p>Subject alternative names<\/p><br>\n      <\/td><td rowspan=\"4\" class=\"column-2\"><br>\n        <p>Type<\/p><br>\n      <\/td><td colspan=\"3\" class=\"column-3\"><br>\n        <p>Email address<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-6 even\">\n\t<td colspan=\"3\" class=\"column-3\"><br>\n        <p>DNS<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-7 odd\">\n\t<td colspan=\"3\" class=\"column-3\"><br>\n        <p>URI<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-8 even\">\n\t<td colspan=\"3\" class=\"column-3\"><br>\n        <p>User Principal Name (UPN)<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-9 odd\">\n\t<td class=\"column-1\"><br>\n        <p>CA Fingerprint<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>The SHA1 fingerprint of the Certificate Authority certificate. E.g. 
31:8F:1E:78:5C:D5:12:9F:7E:3B:AD:F3:1C:C0:19:03:96:43:A9:E5<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-10 even\">\n\t<td class=\"column-1\"><br>\n        <p>Validity period units<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Days, Months or Years<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-11 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Validity period<\/p><br>\n      <\/td><td class=\"column-2\"><\/td><td class=\"column-3\"><\/td><td class=\"column-4\"><\/td><td class=\"column-5\"><\/td>\n<\/tr>\n<tr class=\"row-12 even\">\n\t<td class=\"column-1\"><br>\n        <p>Challenge<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Used as the pre-shared secret for automatic enrollment<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-13 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Retries<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>The number of times the device should retry if the server sends a PENDING response. The default value is 5. Maximum value is 30.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-14 even\">\n\t<td class=\"column-1\"><br>\n        <p>Retry delay<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Number of minutes to wait before retry. The default value is 5. 
The minimum value is 1.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-15 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Key size<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Key size in bits<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-16 even\">\n\t<td class=\"column-1\"><br>\n        <p>Hash algorithm<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Hash algorithm family<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-17 odd\">\n\t<td class=\"column-1\"><br>\n        <p>Key usage<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate. At least one of the &#8220;Digital signature&#8221; or &#8220;Key encipherment&#8221; needs to be selected.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-18 even\">\n\t<td class=\"column-1\"><br>\n        <p>Extended key usage<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>Specifies extended key usages. Subject to SCEP server configuration. Specify the list of corresponding OIDs, e.g. 1.3.6.1.5.5.7.3.2 (Client Authentication)<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-19 odd\">\n\t<td rowspan=\"6\" class=\"column-1\"><br>\n        <p>Key location<\/p><br>\n      <\/td><td colspan=\"4\" class=\"column-2\"><br>\n        <p>The Key Storage Provider to install the private key to.<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-20 even\">\n\t<td class=\"column-2\"><\/td><td colspan=\"3\" class=\"column-3\"><br>\n        <p>TPM. Fail if no TPM present<\/p><br>\n      <\/td>\n<\/tr>\n<tr class=\"row-21 odd\">\n\t<td colspan=\"3\" class=\"column-2\"><br>\n        <p>TPM. 
If no TPM present, fallback to Software KSP<\/p><br>\n      <\/td><td class=\"column-5\"><\/td>\n<\/tr>\n<tr class=\"row-22 even\">\n\t<td colspan=\"3\" class=\"column-2\"><br>\n        <p>Software Key Storage Provider<\/p><br>\n      <\/td><td class=\"column-5\"><\/td>\n<\/tr>\n<tr class=\"row-23 odd\">\n\t<td rowspan=\"2\" class=\"column-2\"><br>\n        <p>Windows Hello for Business<\/p><br>\n      <\/td><td class=\"column-3\"><br>\n        <p>Container name<\/p><br>\n      <\/td><td class=\"column-4\"><br>\n        <p>Specifies the Windows Hello for Business (formerly known as Microsoft Passport for Work) container name.<\/p><br>\n      <\/td><td class=\"column-5\"><\/td>\n<\/tr>\n<tr class=\"row-24 even\">\n\t<td class=\"column-3\"><br>\n        <p>PIN prompt text<\/p><br>\n      <\/td><td class=\"column-4\"><br>\n        <p>Specifies the custom text to show on the Windows Hello for Business PIN prompt during certificate enrollment.<\/p><br>\n      <\/td><td class=\"column-5\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n<div 
class=\"pagebreak-after\"><\/div>\n","protected":false},"parent":2762,"menu_order":0,"template":"","class_list":["post-2774","knowledgebase","type-knowledgebase","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/2774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase"}],"about":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/types\/knowledgebase"}],"version-history":[{"count":4,"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/2774\/revisions"}],"predecessor-version":[{"id":6934,"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/2774\/revisions\/6934"}],"up":[{"embeddable":true,"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/knowledgebase\/2762"}],"wp:attachment":[{"href":"https:\/\/kb.apptec360.com\/manual\/wp-json\/wp\/v2\/media?parent=2774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}