Simple Certificate Enrollment Protocol

The Simple Certificate Enrollment Protocol (SCEP) is a service that automatically requests and renews certificates for large deployments of endpoints and software clients.

The SCEP service is triggered when you boot up the system, unplug and replug the LAN, or enable the service in the web user interface. The system then checks its certificate data and decides whether to obtain a digital certificate based on the following criteria:
  • If the certificate doesn’t exist, the SCEP service initiates the enrollment process.
  • If the certificate exists, the SCEP service verifies the renewal and expiration dates and does one of the following:
    If the current date is...                                          | The service...
    Before the renewal date                                            | Looks for a time thread and creates one if none exists.
    On or after the renewal date but on or before the expiration date  | Initiates the renewal process.
    After the expiration date                                          | Removes the certificate using a system module and initiates the enrollment process.
Note: You can configure the renewal date in the SCEP settings.
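The decision rules above, including their inclusive boundaries, written out as an added Python example (not code from the product). It assumes the renewal date is configured as a number of days before expiration, compares timestamps in UTC, and reads the certificate's notAfter value in OpenSSL text form; the names scep_decision, parse_not_after and renew_days_before are hypothetical.

```python
import ssl
from datetime import datetime, timedelta, timezone
from enum import Enum


class Action(Enum):
    ENROLL = "enroll"                        # no certificate present
    WAIT = "wait"                            # keep certificate, timer runs until renewal date
    RENEW = "renew"                          # inside the renewal window
    REMOVE_AND_ENROLL = "remove_and_enroll"  # certificate has expired


def parse_not_after(text):
    """Parse a notAfter string in OpenSSL text form, e.g. 'Jun 15 12:00:00 2030 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def scep_decision(not_after, renew_days_before, now):
    """Return (Action, time_until_renewal) for the current certificate state.

    not_after         -- notAfter string of the installed certificate, or None
    renew_days_before -- assumed form of the configurable renewal date
    now               -- timezone-aware current time
    """
    if not_after is None:
        return Action.ENROLL, None

    expires = parse_not_after(not_after)
    renewal = expires - timedelta(days=renew_days_before)

    if now < renewal:
        # Before the renewal date: the timer should fire at the renewal date.
        return Action.WAIT, renewal - now
    if now <= expires:
        # On or after the renewal date, but on or before the expiration date.
        return Action.RENEW, None
    # After the expiration date: the old certificate is removed first.
    return Action.REMOVE_AND_ENROLL, None


if __name__ == "__main__":
    # Constructed sample value, not taken from a real certificate.
    sample_not_after = "Jun 15 12:00:00 2030 GMT"
    print(scep_decision(sample_not_after, 30, datetime.now(timezone.utc)))
```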
Note the following information regarding SCEP:
  • When the SCEP service installs a new certificate in a RealPresence Group Series system, it ignores the existing manually installed SCEP certificate.
  • Update the challenge password manually.
  • The SCEP server communicates only through HTTP, and the system only supports one SCEP server at a time.
  • The maximum key size supported for the RSA key is 2048 bits.