Addigy

SCEPman can be integrated with Addigy as an External Certificate Authority (CA) using SCEPman's static interface. With a configured challenge password, enrolled devices will be able to request and obtain certificates.

For more general information about other MDM solutions and SCEPman integration, please check here.

Enable Addigy Integration

Integration of SCEPman can be easily enabled via the following environment variables on SCEPman App Service:

Addigy Configuration

SCEPman Root Certificate

As a first step, SCEPman root certificate must be deployed. To do so, download the RootCA certificate via the SCEPman website:

Now convert the .cer root certificate to PEM format in order to upload it to Addigy. You can use the following OpenSSL command for that:

openssl x509 -inform der -in scepman-root.cer -out SCEPman-Root-Certificate.pem

In Addigy, navigate to Profiles and create a new MDM profile, choose Certificates - (PKCS12) as Profile Type to upload SCEPman RootCA and upload the PEM format file.

SCEP Profile

The second step is to create a new SCEP Profile for device certificate deployment as below:

• Payload Name: Choose a name for the profile, this will appear as a certificate profile on the client.

• URL: The static SCEP endpoint of SCEPman that you configured in a previous step, you can get it from SCEPman homepage, see below:

• Challenge: Is required to authenticate CSR requests sent to SCEPman's static SCEP interface. It must match the value of the setting AppConfig:StaticValidation:RequestPassword that you previously configured.

• Enable the "Proxy SCEP Requests" option

• Choose "Signing & Encryption" for Key Usage

• Fill out the rest as shown in the screenshots below

After successfully creating both the Root CA and Device Certificate profiles, apply them to your policy to deploy the configuration to assigned devices.

For more information, please check Addigy's documentation.