SCEP

This section refers to the SCEP protocol, as described by RFC 8894.

SCEP Profile

This section details how to configure the SCEP Profile.

Prerequisites

  • PKI Connector

  • SCEP Authority

How to configure SCEP Profile

1. Log in to Horizon Administration Interface.

2. Access SCEP Profile from the drawer or card: Protocol > SCEP.

3. Click on Add SCEP Profile.

4. Fill in the mandatory fields.

General

  • Name* (string input):
    Enter a meaningful profile name. It must be unique for each profile. Horizon uses the name to identify the profile.

  • Enabled (boolean):
    Tells whether the profile is enabled or not. The default value is set to true.

  • PKI Connector* (select):
    Select a PKI connector previously created.

  • Max certificate per holder (int):
    When specified, defines the maximum number of active certificates for a given Holder.

  • Enabled NDES emulation mode (boolean):
    Tells whether the NDES emulation mode is enabled or not. The default value is set to false.

  • DN Whitelist* (boolean):
    Tells whether the DN whitelist is enabled or not. The default value is set to false.

SCEP protocol parameters

  • Mode* (select):
    Choose one of the two modes, RA or CA. The default value is set to RA.

  • SCEP Authority* (select):
    Select a previously created SCEP Authority.

  • CAPS* (select):
    Select a CAPS value from the list. The default value is set to SHA.

  • Encryption algorithm* (select):
    Select an encryption algorithm from the list.

    • Password policy (select):
      Select a previously created password policy. It is used for the challenge generation.

Renewal management

  • Renewal period (finite duration):
    Must be a valid finite duration.

  • Revocation on SCEP renew?* (boolean):
    The previous certificate will be revoked on renew if true. The default value is set to false.

  • Revocation reason* (select):
    Select the reason from the list. Available only if "revocation on SCEP renew" value is set to true.

Self Permissions

  • Revoke (boolean):
    Tells whether self revoke permission is granted or not. The default value is set to false.

  • Request Revoke (boolean):
    Tells whether self request revoke permission is granted or not. The default value is set to false.

  • Update (boolean):
    Tells whether self update permission is granted or not. The default value is set to false.

  • Request Update (boolean):
    Tells whether self request update permission is granted or not. The default value is set to false.

You can further configure the profile using the Common configuration profile and Notification tabs.

5. Click on the save button.

You can edit, duplicate or delete the SCEP Profile.

You won’t be able to delete a SCEP Profile if it is referenced somewhere else.
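
To check what a saved profile actually offers to clients, the GetCACaps response defined in RFC 8894 (section 3.5.2) can be audited. The Python below is an added example, not part of the Horizon documentation or product; the sample response bodies are constructed, and how the CAPS and Encryption algorithm settings above map to the advertised keywords is an assumption to verify against your own instance.

```python
# Added example: audit the body of a SCEP GetCACaps response (RFC 8894, 3.5.2).
# The response is plain text, one capability keyword per line (CRLF or LF).

KNOWN = {"AES", "DES3", "GetNextCACert", "POSTPKIOperation", "Renewal",
         "SHA-1", "SHA-256", "SHA-512", "SCEPStandard"}
# "SCEPStandard" implies these three keywords even when they are not listed.
IMPLIED_BY_STANDARD = {"AES", "POSTPKIOperation", "SHA-256"}

# Constructed sample bodies (not captured from a real server).
MODERN_BODY = "POSTPKIOperation\r\nSHA-256\r\nAES\r\nRenewal\r\nSCEPStandard\r\n"
LEGACY_BODY = "DES3\nSHA-1\nX-Vendor-Ext\n"


def parse_caps(body):
    """Return the set of recognised keywords; unknown keywords are ignored."""
    caps = {line.strip() for line in body.splitlines()} & KNOWN
    if "SCEPStandard" in caps:
        caps |= IMPLIED_BY_STANDARD
    return caps


def audit_caps(body):
    """Return a list of findings; an empty list means nothing was flagged."""
    caps = parse_caps(body)
    findings = []
    if not caps & {"SHA-256", "SHA-512"}:
        findings.append("digest: no SHA-2 algorithm advertised")
    if "AES" not in caps:
        findings.append("encryption: AES not advertised")
    if "POSTPKIOperation" not in caps:
        findings.append("transport: PKIOperation over HTTP POST not advertised")
    if "Renewal" not in caps:
        findings.append("renewal: Renewal operation not advertised")
    return findings


if __name__ == "__main__":
    for name, body in (("modern", MODERN_BODY), ("legacy", LEGACY_BODY)):
        result = audit_caps(body)
        print(name, "OK" if not result else result)
```
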