Configuring SCEP

To perform client certificate enrollments using the SCEP protocol, the admin or a privileged user must first set up the SCEP server agent in the AppViewX portal. After the SCEP server agent is set up successfully through the portal, a URL is generated. Clients can then use this URL to send enrollment requests to AppViewX via SCEP.

The detailed steps for setting up the SCEP server agent are listed below:

  1. Log in to the AppViewX application with admin or privileged user credentials.
  2. Click the menu button located in the upper left corner of the screen.
    The left navigation pane appears.
  3. Navigate to CERT+ > ADMINISTRATION > Auto Enrollment > SCEP.
  4. Select Add or Configure Now.
  5. Configure the Agent Details as follows:

    | Field Name | Description | Validation |
    |---|---|---|
    | * Name | A unique name to identify the agent setting. | No special characters other than '.', '-', '_' are allowed. The name should not start with special characters. |
    | * Host | The IP address of the AppViewX node. | Invalid IP address (example: xxx.xxx.xxx.xxx) |
    | * Port | HTTP gateway port of the AppViewX node. | Port accepts only numerical values between 0 and 65535. |
    | Challenge Password | A challenge token to be used while enrolling certificates. | NA |


  6. Configure the CA Accounts details as follows:

    | Field Name | Description | Validation |
    |---|---|---|
    | * Certificate Group | Select a specific group under which the certificate needs to be enrolled. | NA |
    | * Certificate Type | Select a specific certificate type (Server / Client) to be enrolled. | NA |
    | * Select CA | Select a specific CA from which the certificate needs to be enrolled. See the note after this table. | NA |
    | * CA Account | Select a specific CA Account from the selected CA, to be used for certificate creation operations. | NA |
    | * Server Certificate | Type 3 or more letters of the certificate keyword; a list of server certificates issued from the selected CA account is then displayed. Select one certificate to use for further communication with the SCEP client machine. | NA |
    | * CA Connector Name | Name of the CA connector after the certificate is enrolled. | NA |
    | * Certificate Validity | Validity of the certificate to be enrolled. | Certificate validity accepts only numerical values. |

    Note (Select CA):
    • If the selected CA is Ejbca, a separate section displaying Vendor Specific Details is displayed after the CA Accounts section.
      Under the Vendor Specific Details section, select/enter the required details.
    • If the selected CA is Microsoft Enterprise, a separate section displaying Vendor Specific Details is displayed after the CA Accounts section.
      Under the Vendor Specific Details section, select the required Template Name.


  7. Configure the Advanced Settings details as follows:

    | Field Name | Description | Validation |
    |---|---|---|
    | * Include Truststore Certificates | Select whether the issuer certificate needs to be sent to client machines after enrollment. | NA |
    | * Retry Count | Specify the retry count up to which the agent will retry fetching the certificate. | NA |
    | * Retry Frequency | Specify the retry frequency, that is, how long the agent will wait for each retry count. | NA |
    | * Certificate Poll Type | The client agent uses this field to poll the issued certificate from the agent to the subsystem certificate plugin. | NA |


  8. Click Save.