Requesting Endpoint Certificates Using SCEP (Enterprise)¶
Simple Certificate Enrollment Protocol (SCEP) lets you simplify the retrieval and installation of digital certificates by enabling devices to obtain certificates automatically from a SCEP server.
Important: SCEP not supported on Remote Workstation Cards
Remote Workstation Cards cannot obtain a SCEP certificate from the PCoIP Management Console.
Tip: Organize endpoints into groups
Before you create an endpoint certificate, organize your endpoints into groups. See Organizing Endpoints into Groups.
Info: REQUEST CERTIFICATE option not enabled
Your PCoIP Zero Client must belong to the group defined in your SCEP certificate rule before the REQUEST CERTIFICATE option is enabled.
Info: View certificate information
PCoIP Management Console Enterprise Edition release 2.5+ users can reference SCEP certificate information displayed on the dashboard. This window is limited to SCEP issued certificates.
To create an endpoint certificate rule:
-
Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.
-
Click NEW CERTIFICATE RULE.
-
In the Groups field, click ADD to add a group that was set up on the ENDPOINTS page. If required, you can remove a group by highlighting it and clicking REMOVE.
-
In the Server URI, field, type the Uniform Resource Identifier (URI) of the SCEP server that is configured to issue certificates for the group.
-
In the Server Password field, type the password for the SCEP server.
-
In the CA Identifier field, type the certification authority issuer identifier if your SCEP server requires it (the CA Identifier is supported for devices running firmware 5.4 or later). A CA Identifier is any string that is understood by the SCEP server (for example, a domain name).
-
In the Use Certificate for 802.1X field, select True to configure 802.1x on the endpoint with SCEP certificates.
Info: PCoIP Zero Clients and 802.1X
PCoIP Zero Clients can be configure to use 802.1x with SCEP certificates, and have the endpoint present this certificate to the 802.1x authenticator.
-
PCoIP Zero Clients support 802.1X authentication, which prevents unauthorized devices from gaining access to local area networks (LANs).
-
Click SAVE.
To view an endpoint certificate rule:
-
Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.
-
Click VIEW to review the details of an endpoint certificate rule.
-
If there is more than one endpoint certificate rule, click PREV or NEXT to view additional certificate rules.
To edit an endpoint certificate rule:
-
Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.
-
Highlight a certificate rule that you want to edit.
-
Click EDIT to revise an endpoint certificate rule.
To delete an endpoint certificate rule:
-
Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.
-
Highlight a certificate rule that you want to delete.
-
Click DELETE to delete an endpoint certificate rule.
-
In the DELETE CERTIFICATE RULE dialog box, click DELETE.