6. Web Interface
The EAP-TLS mode window opens.
Two choices are possible:
- Auto enrollment via SCEP
- Manually provide Client & CA certificates
Using SCEP
Select the radio button next to Auto enrollment via SCEP and click Next.
The Simple Certificate Enrolment Protocol (SCEP) is a protocol which enables issuing and revoking of certificates in a scalable way.
SCEP support is included to allow a quicker and smoother integration of the ClickShare Base Unit and Buttons into the corporate
network. Since most companies are using Microsoft Windows Server and its Active Directory (AD) to manage users and devices, our
SCEP implementation is specifically targeted at the Network Device Enrolment Service (NDES), which is part of Windows Server
2008 R2 and Windows Server 2012. No other SCEP server implementations are supported.
Image 6-24
SCEP protocol
About NDES
The Network Device Enrolment Service is Microsoft’s server implementation of the SCEP protocol. If you want to enable EAP-TLS
using SCEP, make sure NDES is enabled, configured and running on your Windows Server. For more details about setting up NDES,
please visit the Microsoft website (footnote 3). SCEP uses a so-called “challenge password” in order to authenticate the enrollment request.
For NDES, this challenge can be retrieved from your server at: http(s)://[your-server-hostname]/CertSrv/mscep_admin.
If you enter the necessary credentials into the setup wizard, the Base Unit will automatically retrieve this challenge from the web
page and use it in the enrollment request thereby fully automating the process.
Necessary Data to continue:
- Domain: The company domain for which you are enrolling. It should match the one defined in your Active Directory.
- SCEP Server IP/hostname: This is the IP or hostname of the Windows Server in your network running the NDES service. Since Internet Information Services (IIS) supports both HTTP and HTTPS, also include which of the two you want to use. If not provided, it will be set to HTTP by default.
- SCEP User name: This is a user in your Active Directory who has the required permission to access the NDES service and request the challenge password. To be sure of this, the user should be part of the CA Administrators group (in case of a stand-alone CA) or have enroll permissions on the configured certificate templates.
- SCEP Password: This is the password of the user account used as SCEP User name. The password is never stored on the Base Unit. It is only kept in memory just long enough to request the Challenge Password from the server, after which it is removed from memory immediately.
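The following pre-flight check is an added example, not Barco or Microsoft code: it takes the value you intend to enter as SCEP Server IP/hostname, builds the mscep_admin URL given above, and warns when the challenge password would be fetched over plain HTTP. The function name and sample hostnames are assumptions, and it models only the documented HTTP default, not the Base Unit's actual parsing.

```python
from urllib.parse import urlsplit

ADMIN_PATH = "/CertSrv/mscep_admin"  # NDES challenge page path, as given above


def ndes_admin_url(server_field):
    """Return (url, warnings) for a 'SCEP Server IP/hostname' value.

    Assumption: models only the documented default (HTTP when no protocol
    is given); the Base Unit's real parsing is not described on this page.
    """
    value = server_field.strip()
    warnings = []
    if "://" not in value:
        value = "http://" + value
        warnings.append("no protocol given: the wizard will default to HTTP")

    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported protocol: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("no IP address or hostname found")
    if parts.username or parts.password:
        raise ValueError("enter credentials in the SCEP User name/Password fields")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port

    if parts.scheme == "http":
        warnings.append("HTTP: the challenge password is fetched without TLS")

    host = parts.hostname
    if ":" in host:  # an IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if port is None else f"{host}:{port}"
    return f"{parts.scheme}://{netloc}{ADMIN_PATH}", warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for field in ("ndes01.corp.example", "https://ndes01.corp.example", "10.0.0.5:8080"):
        url, notes = ndes_admin_url(field)
        print(field, "->", url, notes or "ok")
```

An empty warning list means the protocol was stated explicitly as HTTPS, so the challenge page is reached over TLS.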
3. NDES White Paper: http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs-en-us.aspx
60 R5900004 CLICKSHARE 23/12/2014