How To Connect SCEP CA To ManageEngine MDM Plus

EZCA, the first Azure-based PKI, enables you to create a secure and compliant certificate authority in Azure in minutes. One of the MDMs we are happy to integrate with is ManageEngine Mobile Device Manager Plus. This page guides you through connecting your CA to ManageEngine MDM Plus.

Prerequisites - Create your Cloud Certificate Authority

  1. This page assumes that you have already created your SCEP CA.

How To Connect Your CA to ManageEngine MDM Plus For SCEP Certificate Issuance

  1. The first step is to download your CA certificate. To do this, navigate to the EZCA portal (if you have a private instance, go to that specific portal).
  2. Log in with an account that is registered as a PKI Admin in EZCA.
  3. Navigate to Certificate Authorities.
  4. Click “View Details” for the CA you want to connect to ManageEngine MDM Plus.
  5. Click on the “Download CA Certificate” button.
  6. Repeat this step for all locations of the CA.
  7. If you also have a Root CA, download the Root CA certificate as well.
  8. In another tab, navigate to your ManageEngine MDM Plus portal.
  9. Click on the Device Mgmt tab and select Certificates in the left menu.
  10. Click on the “CA Servers” tab at the top.
  11. Click on the “Add CA Server” button.
  12. Select the “Generic SCEP” option.
  13. Enter a CA Name (this is just so you identify it under ManageEngine MDM Plus).
  14. Go back to your EZCA tab and, in the CAs list, click “View Requirements” for the CA you want to connect to ManageEngine MDM Plus.
  15. Ensure “Enable SCEP Static Challenge” is checked. If not, check the option and click “Save Changes” at the top right.
  16. Copy the Static Challenge SCEP URL.
  17. Go back to your ManageEngine MDM Plus tab, and paste the URL in the “SCEP Server URL” field.
  18. Click the “Add Certificate” link.
  19. Select your SCEP CA certificate from your computer.
  20. Click the “Add Certificate” button.
  21. Click the “Save” button.
  22. Enter a Certificate Template Name (this is for reference in the ManageEngine MDM Plus portal).
  23. Enter the Subject Name (this is the name of the certificate that will be issued to the device). You can use dynamic names based on the requesting user by using keywords; for example, CN=%USERNAME% issues the certificate with the username of the user requesting it.
  24. If your infrastructure requires it, add the Subject Alternative Name (SAN) settings for the certificate; this field is also commonly used for certificate authentication.
  25. Enter the maximum number of attempts for a failed request and how long to wait between failed attempts.
  26. In Challenge Type, select “Static”.
  27. Go back to the EZCA tab, and copy the “SCEP Challenge”. This value is the shared secret that authorizes certificate requests, so handle it like a password.
  28. Paste the SCEP Challenge in the “SCEP Challenge” field in ManageEngine MDM Plus.
  29. Set the Key Size to 2048.
  30. Select what you want your users to use the Key for (Digital Signature and/or Key Encipherment).
  31. Set the Certificates to Automatically Renew.
  32. Click the “Save” button.
  33. If you also have a root certificate, go to the Certificates tab and add that certificate as well.

How To Create Your ManageEngine MDM Plus Profile

  1. In the ManageEngine MDM Plus portal, click on the “Profiles” menu on the left.
  2. Click “Create Profile” and select your desired platform.
  3. Enter a name for the profile.
  4. Click Continue.
  5. On the left menu, click on “SCEP”.
  6. Select the SCEP template we created above.
  7. Click “Save”.
  8. On the left menu, click on “Certificate”.
  9. Select the SCEP certificate we created above.
  10. Click “Save”.
  11. Add any other settings you might want to add to this profile, and then click publish.
  12. If you also have a Root CA, create another profile to push that certificate to the certificate root store of your computer.
  13. Now you can assign this profile to your devices.
  14. Assign it to your first device and verify that your certificate was issued.
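
One way to do the verification in the last step is to check an issued certificate against the template settings chosen above (chains to the CA, RSA key size 2048, Digital Signature and/or Key Encipherment, CN from the username) with OpenSSL. This is an added example, not part of the EZCA or ManageEngine documentation; the function names, file names, and the throwaway CA and leaf it generates are constructed for illustration.

```shell
#!/bin/sh
# Constructed fixture: a throwaway CA and leaf standing in for the EZCA CA
# certificate and a device certificate issued through the MDM profile.
make_sample_pki() {  # usage: make_sample_pki DIR LEAF_RSA_BITS LEAF_CN
  cat > "$1/o.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
  openssl req -x509 -config "$1/o.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$1/ca.key" -out "$1/ca.pem" -subj "/CN=Constructed Test CA" -days 2 2>/dev/null &&
  openssl req -new -config "$1/o.cnf" -newkey "rsa:$2" -nodes \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" -subj "/CN=$3" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -extfile "$1/o.cnf" -extensions leaf_ext -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# Returns 0 if all checks pass; 1 = chain, 2 = key size, 3 = key usage, 4 = subject CN.
check_scep_cert() {  # usage: check_scep_cert LEAF.pem CA_CHAIN.pem EXPECTED_CN [RSA_BITS]
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo "FAIL: does not chain to CA"; return 1; }
  txt=$(openssl x509 -in "$1" -noout -text)
  printf '%s\n' "$txt" | grep -Fq "Public-Key: (${4:-2048} bit)" || { echo "FAIL: key size"; return 2; }
  printf '%s\n' "$txt" | grep -A1 'X509v3 Key Usage' |
    grep -Eq 'Digital Signature|Key Encipherment' || { echo "FAIL: key usage"; return 3; }
  subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
  case ",${subj#subject=}," in
    *",CN=$3,"*) echo "OK"; return 0 ;;
    *) echo "FAIL: subject CN"; return 4 ;;
  esac
}

# Demo on the constructed fixture (template used CN=%USERNAME%, user "jdoe").
d=$(mktemp -d)
make_sample_pki "$d" 2048 jdoe && check_scep_cert "$d/leaf.pem" "$d/ca.pem" jdoe
```

For a real device, pass the certificate exported from the device and a file containing the downloaded CA certificate (with the Root CA certificate appended, if you have one).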