Updated Network Device Enrollment Service (aka SCEP) white paper


I have just updated this paper. Here is the latest draft: http://go.microsoft.com/fwlink/?LinkID=93875. In this paper, we cover Network Device Enrollment Service that allows certificate enrollment through the Simple Certificate Enrollment Protocol (http://tools.ietf.org/html/draft-nourse-scep-19). Specifically in this update, we’ve documented new functionality that allows for a single password mode and renewal based on an existing certificate.


 Alex Radutskiy


Program Manager, Windows Security


Comments (2)

  1. Anonymous says:

    Hello Alex,

    I’ve just implemented the NDES in an infrastructure. I got /CertSrv/mscep and /CertSrv/mscep_admin working great.

    I then wanted to follow the advise about enabling SSL on these webpages. This works file, yet the /Cert/mscep page still talks about the redirection to the mscep_admin page using
    http://ndes-srv/CertSrv/mscep_admin and not

    https://ndes-srv.domain.com/CertSrv/mscep_admin

    I’ve searched the registry, IIS GUI settings and the InetSrv applicationHost.config file to modify this behaviour without success. Any idea where to look for this redirection settings ?

    Thanks for any pointers,

    Erik Bussink

  2. Any update to Erik's question says:

    How can I configure SSL for just the mscep_admin page and correct the link in the mscep page to show https?