Configure the following settings for each SCEP Enrollment Service Configuration.

CAGW CA ID

The CA identifier (CA ID) of the CA for certificate enrollments, as defined in Entrust PKI as a Service or an on-premises CA Gateway.

Mandatory: Yes.

SCEP Challenge Password

A challenge password for SCEP clients. 

This setting only applies to requests sent through the SCEP Service. It does not apply to requests sent through the Intune-SCEP Service because Microsoft Intune validates these requests.

Mandatory: When the Insecure SCEP (Permit an empty challenge password) box is not checked.

Insecure SCEP (Permit an empty challenge password)

Check this box to allow an empty SCEP Challenge Password; uncheck this box to make the challenge password mandatory.

Deliberately configuring SCEP without a challenge password can be a security risk.

Mandatory: No. This box is unchecked by default.

Revoke Old Certificate on Renewal

Check this box to revoke the old certificate with the "Superseded" reason after issuing the new certificate. Uncheck this box to keep the old certificate valid after the new certificate is issued.

This setting only applies to requests sent through the SCEP Service. It does not apply to requests sent through the Intune-SCEP Service because Microsoft Intune validates these requests.

Mandatory: No. By default, this box is not checked.