User's & Administrator's Manual Contents
Version 2.4 15 RXV81 MTR on Android Video Collaboration Bar
1.8 Certificate Enrollment using SCEP
The device supports certificate enrollment using Simple Certificate Enrollment Protocol (SCEP)
using Microsoft’s Network Device Enrollment Service (NDES) server without using AudioCodes'
OVOC, thereby allowing device certificates and CA certificate provisioning to be scaled to multiple
devices.
After devices are provisioned with a SCEP-related configuration, they receive a CA certificate from
the NDES (via parameter ‘security/ca_certificate/0/uri’), issue a Certificate Signing Request (CSR)
to the NDES and receive a device certificate signed by the CA certificate (the one that the device
received from NDES).
Network administrators must configure the following three parameters:
◼ security/SCEPEnroll/ca_fingerprint
◼ security/SCEPEnroll/password_challenge
◼ security/SCEPServerURL
The next table shows the parameter descriptions.
Table 1-3: SCEP Parameters
security/SCEPEnroll/ca_fingerprint
Define the thumbprint (hash value) for the CA
certificate. Default value: NULL.
Network admins must set its value to (for
example):
3EBE50003ABF1DF5E6B5A3230B02B856
security/SCEPEnroll/password_challenge
Define the enrollment challenge password. Default
value: NULL.
Network admins must set its value to (for
example):
7A7F9FC4BB7625F0935E67EA6D6322ED
Define the NDES server’s URL. Default: NULL.
Network admins must set its value to (for
example):
https://ndes_derver
security/SCEPEnroll/renewal/advancethreshold
Define the renewal advance threshold of the
device certificate.
Configure between 50 and 100 (in units of
percentage)
Default: 80
This indicates that a renewal of the certificate
(device.crt) will be initiated when 80 percent of its
validity is reached.
security/SCEPEnroll/rollover/advancethreshold
Specify the threshold of the CA Root certificate’s
validity at which to initiate a renewal.
Configure between 50 and 100 (in units of
percentage).
Default: 90
This indicates a renewal of the certificate
(CAROOT.crt.) will be initiated when 90 percent of
its validity is reached.
To Next Page
Loading...
