SCEP – WindowsTechs.com

What’s the best practice for server certificate issuance protocols in mixed environments?

Posted on September 8, 2021 by joshhemphill

In mixed Windows/Linux environments what’s the best practice for issuing server certificates?
If you use Windows MSCA PKI, you’re kind of stuck with using previous certificates to authenticate the renewals on non-domain machines using NDES… Continue reading What’s the best practice for server certificate issuance protocols in mixed environments?→

SCEP certificate renewal – NDES event id:28

Posted on May 10, 2021 by azurtem

A customer of mine is attempting to configure a router so that it will authenticate with their client’s NDES server; using SCEP to sign its certificate
I had previously set up a SCEP requestor prototype for my customer using FreeRadius/Deb… Continue reading SCEP certificate renewal – NDES event id:28→

Why one should prefer EST protocol instead of SCEP?

Posted on July 6, 2016 by tysonite

For many years SCEP was a simple and widely used protocol for obtaining X.509 certificates. However, not too so long ago another protocol called EST (RFC 7030) was developed.

What are the main reasons to move out from SCEP i… Continue reading Why one should prefer EST protocol instead of SCEP?→

Why one should prefer EST protocol instead of SCEP?

Posted on July 6, 2016 by tysonite

For many years SCEP was a simple and widely used protocol for obtaining X.509 certificates. However, not too so long ago another protocol called EST (RFC 7030) was developed.
What are the main reasons to move out from SCEP in favor of EST?… Continue reading Why one should prefer EST protocol instead of SCEP?→

Shields up on potentially unwanted applications in your enterprise

Posted on November 26, 2015 by msft-mmpc

Has your enterprise environment been bogged down by a sneaky browser-modifier which tricked you into installing adware from a seemingly harmless software bundle? Then you might have already experienced what a potentially unwanted application (PUA) can do. The good news is, the new opt-in feature for enterprise users in Windows can spot and stop PUA… Continue reading Shields up on potentially unwanted applications in your enterprise→

Setup local Certificate Authority & integrate with SCEP

Posted on December 29, 2014 by rookie_ron

I want setup local Certificate Authority and issue X.509 certificates under my CA. In order to achieve this I am exploring following options such as:

OpenSSL/OpenCA
BouncyCastle Cryptographic APIs

Further I want to use SCEP to enroll t… Continue reading Setup local Certificate Authority & integrate with SCEP→

Is SCEP safe if I use a different long and complex password per enrollment, and validate it against expected parameters?

Posted on June 21, 2014 by makerofthings7

I’m considering using SCEP to enroll iPads and other devices in my network. The iOS configuration profile allows me to configure a different password for each device.

Is it valid, and safe for me to issue many different SCEP passwords, a… Continue reading Is SCEP safe if I use a different long and complex password per enrollment, and validate it against expected parameters?→

Updating Root/Intermediate Certificates over NDES/SCEP

Posted on June 9, 2014 by Mike Soule

In attempts to setup our first instance of NDES/SCEP in the wild on Cisco routers we have run into a concern.
Currently our organization has a three tier PKI. We have an AD CS server on the third tier running NDES. All aspects of the syste… Continue reading Updating Root/Intermediate Certificates over NDES/SCEP→