Search…
Welcome
Details
Editions
SCEPMAN Deployment
Getting Started
Azure Sizing
Permissions
Deployment Options
Root Certificate
Architecture
Device Directories
Certificate Deployment
Microsoft Intune
Windows
macOS
Android
iOS/iPadOS
Jamf
🆕
Certificate Master
3rd-party MDM Solutions
Domain Controller Certificates
Advanced Configuration
Application Artifacts
Application Insights
Application Settings
Autoscaling
Certificate Master Settings
Custom Domain
Geo-redundancy
Health Check
Intermediate Certificate
License Key
Log configuration
Update Strategy
NAC Configuration
Network Access Controllers
Other
Troubleshooting
Important Links
Changelog
Licensing
Support
SCEPman Website
Powered By GitBook
iOS/iPadOS
The following article describes how to deploy a device or/and user certificates for iOS and iPadOS devices. The deployment of the SCEPman Root Certificate is mandatory. Afterward you can choose between deploying only device, user or even both certificate types.

Root Certificate

The basis for deploying SCEP certificates is to trust the public root certificate of SCEPman. Therefore, you have to download the CA Root certificate and deploy it as a Trusted certificate profile via Microsoft Intune:
  • Download the CA Certificate from SCEPman portal:
  • Create a profile for iOS/iPadOS with type Trusted certificate in Microsoft Intune:
  • Upload your previously downloaded .cer file.
  • Now you can deploy this profile to your devices. Please choose All Users and/or All Devices or a dedicated group for assignment.
Note, that you have to use the same group for assigning the Trusted certificate and SCEP profile. Otherwise, the Intune deployment might fail.

Device certificates

  • Open the SCEPman portal and copy the URL under Intune MDM:
  • Create a profile for iOS/iPadOS with type SCEP certificate in Microsoft Intune:
  • Configure the profile as described:
Certificate type: Device
Subject name format: CN={{DeviceId}} or CN={{AAD_Device_ID}}
Subject alternative name: URI Value:IntuneDeviceId://{{DeviceId}}
Certificate validity period: 1 years
Key usage: Digital signature and key encipherment
Key size (bits): 2048
Root Certificate: Profile from previous step
Extended key usage: Client Authentication, 1.3.6.1.5.5.7.3.2
Renewal threshold (%): 50
SCEP Server URLs: Open the SCEPman portal and copy the URL of Intune MDM​
With our stated settings, we fulfill Apples certificate requirements.

Example

  • Now you can deploy this profile to your devices. Please choose the same group/s for assignment as for the Trusted certificate profile.

User Certificates

Please follow the instructions of Device certificates and take care of the following differences:
Certificate type: User
Subject name format: CN={{UserName}},E={{EmailAddress}}
Subject alternative name: UPN Value: {{UserPrincipalName}}
With our stated settings, we fulfill Apples certificate requirements​

Example

Previous
Android
Next - Certificate Deployment
Jamf
Last modified 4mo ago
Copy link
Edit on GitHub
Outline
Root Certificate
Device certificates
Example
User Certificates
Example