Configuring the certificate template on the SCEP server
Follow these steps to configure a certificate template on the SCEP server for use with MaaS360®.
Before you begin
If you already have a working template, use the instructions in this procedure to confirm that your template is configured correctly.
Procedure
- Open the Server Manager and select . Select your Certificate Authority, right-click on
Certificate Templates, and then click Manage.
- Right-click .
Note:- Do not duplicate a user template. Microsoft SCEP does not work with user templates.
- If your template is based on a user template, create a new template based on the computer template.
- Devices do not differentiate between a certificate from a user template and a device template. All certificates are treated as user certificates on the iOS device.
- From the Compatibility tab, select Windows Server
2016 as the minimum supported CA version. (Windows Server 2012 and 2012 R2 are reaching
the end of support by Microsoft. For more information about the end of support for Windows Server
2012 and 2012 R2, see https://learn.microsoft.com/en-us/lifecycle/announcements/windows-server-2012-r2-end-of-support.)
The New Template Properties window is displayed. - From the General tab, complete the following steps:
- Provide a template display name.
- Copy the template name (without spaces) to use later.
- Optional: Select Publish certificate in Active Directory.
- From the Request Handling tab, select the following options:
- Include symmetric algorithms allowed by the subject
- Optional: Allow private key to be exported
- From the Subject Name tab, select Supply in the
request. The Cloud Extender® template supplies the subject.
- From the Extensions tab, complete the following steps:
- Add Client Authentication and Server Authentication.
- Optional: Add Encrypting File System and Secure Email.
- Confirm Subject Type = Computer for Certificate Template Information.
