Specifications
46
IGEL Technology GmbH IGEL Zero RFX 5.02.100
7.5. Simple Certificate Enrollment Protocol - SCEP
SCEP allows client certificates to be provisioned automatically via an SCEP server and a certification authority. A certificate of this type is renewed automatically before it expires and can be used for purposes such as network authentication (e.g. IEEE 802.1X).
A Microsoft Windows 2008 Server (MSCEP, NDES), for example, can serve as the queried counterpart (SCEP server and certification authority). More information can be found at Microsoft, e.g. in the white paper:
http://download.microsoft.com/download/a/d/f/adf2dba9-92db-4765-bf2d-34b1c8df9ca3/Microsoft%20SCEP%20implementation%20whitepaper.doc
Enable certificate management via the SCEP client (NDES) and then make the necessary configuration settings.
7.5.1. Certificate
Under Certificate, specify the basic data for the certificate to be issued by the certification authority.
Type of CommonName
If the client obtains its network name automatically, DNS Name (auto) is a suitable CommonName type for the thin client certificate.
Organizational unit
Stipulated by the certification authority.
Organization
A freely definable designation for the organization to which the client belongs.
City, state, country
Enter the location of the client here.
RSA key length
Select a key length for the certificate to be issued (one that the certification authority is able to use).
7.5.2. Certification Authority
Enter the name of the certification authority (CA) and the hash value of the root certificate.
You will receive both of these from the certification authority.
7.5.3. SCEP
In addition to a certification authority, an SCEP server must also be defined.
Enter the address of the SCEP server and the query password here.
The SCEP server generates the query password as a one-time password. It is needed when a certificate is requested for the first time. New certificates are requested before the old ones expire; in this case, the still-valid certificate serves as the means of authentication.
For the purpose of checking validity, define an interval (checking frequency) and the period of time before expiry within which certificate renewal must occur.
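The following added example (not IGEL's code) models the client-side decisions described in 7.5.1 and 7.5.3: assembling the certificate subject from the configured fields, using the one-time password only for the first request and the still-valid certificate for renewals, and checking that the checking frequency cannot skip past the renewal period. The server URL, subject values and dates are constructed sample values, and the handling of an already expired certificate is an assumption, not something the manual states.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

@dataclass
class ScepConfig:
    server_url: str                    # SCEP server address (7.5.3)
    challenge_password: Optional[str]  # one-time password, used only for the first request
    check_interval: timedelta          # checking frequency
    renewal_window: timedelta          # renewal must occur within this time before expiry

    def is_consistent(self) -> bool:
        # If checks are rarer than the renewal window, a check may land after the
        # old certificate has expired, and it can then no longer authenticate the renewal.
        return self.check_interval <= self.renewal_window

@dataclass
class ClientCert:
    subject: str
    not_after: datetime

def build_subject(cn_type: str, hostname: str, ou: str, o: str,
                  city: str, state: str, country: str) -> str:
    """Assemble the subject from the 7.5.1 settings; 'DNS Name (auto)' takes the
    client's own network name (passed in here instead of being looked up)."""
    cn = hostname if cn_type == "DNS Name (auto)" else cn_type
    return f"CN={cn}, OU={ou}, O={o}, L={city}, ST={state}, C={country}"

def plan_request(cfg: ScepConfig, cert: Optional[ClientCert],
                 now: datetime) -> Tuple[str, Optional[str]]:
    """What the client does at one validity check: (action, credential used)."""
    if cert is None:
        if not cfg.challenge_password:
            raise RuntimeError("first request needs the one-time password from the SCEP server")
        return ("enroll", "challenge_password")
    if now >= cert.not_after:
        # Assumption: an expired certificate cannot authenticate a renewal, so the
        # renewal window was missed and a fresh one-time password must be obtained.
        return ("reenroll", "new_challenge_password_required")
    if cert.not_after - cfg.renewal_window <= now:
        # Still valid and inside the renewal period: the old certificate authenticates.
        return ("renew", "existing_certificate")
    return ("none", None)

def next_check(now: datetime, cfg: ScepConfig) -> datetime:
    return now + cfg.check_interval
```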