Addigy
Issue certificates in Addigy by connecting SCEPman as an External CA. Devices will be able to obtain certificates using SCEPman's static interface and a challenge password enrolled.
SCEPman can be integrated with Addigy as an External Certificate Authority (CA) using SCEPman's static interface. With a configured challenge password, enrolled devices will be able to request and obtain certificates.
For more general information about other MDM solutions and SCEPman integration, please check here.
Enable Addigy Integration
Integration of SCEPman can be easily enabled via the following environment variables on SCEPman App Service:
Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password Recommendation: Store this secret in Azure KeyVault.
generate a 32 character password
Days certificates issued via Addigy are valid
365
Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master
true to enable, false to disable
After adding or editing SCEPman configuration parameters, you need to restart the App Service.
Addigy Configuration
SCEPman Root Certificate
As a first step, SCEPman root certificate must be deployed. To do so, download the RootCA certificate via the SCEPman website:

Now convert the .cer root certificate to PEM format in order to upload it to Addigy. You can use the following OpenSSL command for that:
openssl x509 -inform der -in scepman-root.cer -out SCEPman-Root-Certificate.pem
In Addigy, navigate to Profiles and create a new MDM profile, choose Certificates - (PKCS12) as Profile Type to upload SCEPman RootCA and upload the PEM format file.

SCEP Profile
The second step is to create a new SCEP Profile for device certificate deployment as below:
Payload Name: Choose a name for the profile, this will appear as a certificate profile on the client.
URL: The static SCEP endpoint of SCEPman that you configured in a previous step, you can get it from SCEPman homepage, see below:

Challenge: Is required to authenticate CSR requests sent to SCEPman's static SCEP interface. It must match the value of the setting AppConfig:StaticValidation:RequestPassword that you previously configured.
Enable the "Proxy SCEP Requests" option
Choose "Signing & Encryption" for Key Usage
Fill out the rest as shown in the screenshots below


After successfully creating both the Root CA and Device Certificate profiles, apply them to your policy to deploy the configuration to assigned devices.
For more information, please check Addigy's documentation.
Last updated
Was this helpful?