For MDM-SCEP enrollment, you must add the following certificate types to Entrust Certificate Authority.
- signing
- encryption
- dual usage (signing and encryption)
- non-repudiation
See below for the required steps.
To add MDM-SCEP certificate types
- Log into Entrust Certificate Authority Administration.
- Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
- Open the certificate specifications file in a text editor.
Add the following lines to the
[Certificate Types]section.; ----------------------------------------------------------------------; Certificate types to be used with MDM for SCEP Enrollments; ----------------------------------------------------------------------ent_mdm_scep_sig=enterprise,MDM-SCEP Signing,MDM-SCEP Signing Certificateent_mdm_scep_enc=enterprise,MDM-SCEP Encryption,MDM-SCEP Encryption Certificateent_mdm_scep_sig_enc=enterprise,MDM-SCEP Signing and Encryption,MDM-SCEP Signing and Encryption Certificateent_mdm_scep_nonrep=enterprise,MDM-SCEP Signing and Nonrepudiation,MDM-SCEP Signing and Nonrepudiation Certificate; ----------------------------------------------------------------------Add the following lines to the
[Extension Definitions]section.; ----------------------------------------------------------------------; Certificate definitions to be used with MDM for SCEP Enrollments; ----------------------------------------------------------------------[ent_mdm_scep_sig Certificate Definitions]1=Verification_p10[ent_mdm_scep_sig Verification_p10 Extensions]keyusage=2.5.29.15,n,m,BitString,1[ent_mdm_scep_sig Advanced]noUserInDirectory=1[ent_mdm_scep_enc Certificate Definitions]1=Encryption_p10[ent_mdm_scep_enc Encryption_p10 Extensions]keyusage=2.5.29.15,n,m,BitString,001[ent_mdm_scep_enc Advanced]noUserInDirectory=1[ent_mdm_scep_sig_enc Certificate Definitions]1=Dual Usage[ent_mdm_scep_sig_enc Dual Usage Extensions]keyusage=2.5.29.15,n,m,BitString,101[ent_mdm_scep_sig_enc Advanced]noUserInDirectory=1[ent_mdm_scep_nonrep Certificate Definitions]1=Nonrepudiation[ent_mdm_scep_nonrep Nonrepudiation Extensions]keyusage=2.5.29.15,n,m,BitString,11[ent_mdm_scep_nonrep Advanced]noUserInDirectory=1;------------------------------------------------------------------------ Save and close the file.
- Import the certificate specifications back into Entrust Certificate Authority. In Entrust Certificate Authority Administration, select File > Certificate Specifications > Import.