Simplified Certificate Enrollment Protocol (SCEP)
was used in a closed network where all end-points are
trusted. The goal of SCEP is to support the secure issuance of certificates
to network devices in a scalable manner. Within an enterprise domain,
it enables network devices that do not run with domain credentials
to enroll for certificates from a Certification Authority (CA).
At the end of the transactions that are defined in this protocol,
the network device has a private key and associated certificate that
is issued by a CA. Applications on the device may use the key and
its associated certificate to interact with other entities on the
network. The most common usage of this certificate on a network device
is to authenticate the device in an IPSec session.
ThinOS is treated as a network device. The functionality of ThinOS SCEP includes manual certificate request, automatic certificate
request, and automatic renewal of certificate.
Requesting certificate
manually
To request the certificate manually, do the following:
Go to System Tools > Certificates > Request Certificate.
The Request Certificate dialog box is displayed.
Enter the appropriate values in the Request Certificate dialog box, and then click the Request Certificate button.
The certificate
request is sent to the server, and the client receives the response
from server and installs both CA certificate and client certificate.
Click Ok to
save the changes.
NOTE:
The CA Certificate Hash type currently supports MD5, SHA1, and SHA256.
The request server URL can be an HTTP
or HTTPs link. You can add the protocol prefix before the URL.
Requesting certificate
automatically
Use INI parameters to automate the request, and renew the certificate process. Related INI parameters are of global scope
and should be used with INI parameter ScepAutoEnroll.
For more information about using the INI parameters,
refer to the latest Dell Wyse ThinOS INI Reference guide.