Mosyle

Issue certificates in Mosyle by connecting SCEPman as an External CA. Devices will be able to obtain certificates using SCEPman's static interface and an enrolled challenge password.

Last updated 20 days ago


For more general information about other MDM solutions and SCEPman integration, please check here.

Enable Mosyle Integration

Mosyle integration is enabled with the following SCEPman app configuration settings. Set them on the SCEPman App Service, not on the Certificate Master; you can tell the two apart because the SCEPman App Service does not have "-cm" in its name.

| Setting | Description | Value |
| --- | --- | --- |
| AppConfig:StaticValidation:Enabled | Enable the 3rd-party validation | true to enable, false to disable |
| AppConfig:StaticValidation:RequestPassword | Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password. Recommendation: Store this secret in Azure KeyVault. | generate a 32 character password |
| AppConfig:StaticValidation:ValidityPeriodDays (optional) | How many days shall certificates issued via Mosyle be valid | 365 |
| AppConfig:StaticValidation:EnableCertificateStorage (optional) | Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master | true to enable, false to disable |

After adding or editing SCEPman configuration parameters, you need to restart the app service.

Mosyle Configuration

SCEPman Root Certificate

As a first step, you must deploy SCEPman's root certificate. Download this CA certificate via the SCEPman website.

In Mosyle, navigate to Management and add "Multi-Cert Profile" as a new profile type (if it does not already exist).

Now click Add new profile, choose a name for this profile, e.g. SCEPman Root CA, then click +ADD PROFILE under Profile Name (see screenshot below) and choose "Add Certificate profile" in the window that opens. Next, select and upload the SCEPman root certificate you already downloaded, enter SCEPman Root CA as the Profile Name and Save.

[Screenshot: Adding a Root CA Profile]

[Screenshot: Upload Root CA]

Now you need to assign this profile to your devices/users, then Save.

[Screenshot: Save Root CA profile]

After saving, you can check the compliance status by clicking view details on the profile.

[Screenshot: Profile Distribution Status]

Device Certificate

Add a new profile, enter a profile name, e.g. SCEPman Device Certificate, click +ADD PROFILE, then choose SCEP Profile and fill out the values as shown below.

Profile Name: choose a name for your profile

Server: choose URL

URL: paste your SCEPman URL with /static at the end, as shown on the screenshot. You can also copy this value from the SCEPman homepage near Static MDM.

Challenge: add the 32 character challenge password configured in the SCEPman configuration (see Enable Mosyle Integration).

Subject: It is up to you which variables you choose for the subject; you can choose one or multiple Relative Distinguished Names (RDNs). Note that RDNs always start with /, for example /CN=%DeviceName% for the device name. In the example on the screenshot, we have added 3 RDNs; multiple CNs are also allowed. You can check the variable list by clicking View available variables above the field.

Subject Alternative Name is optional.

Key Size: 2048

Enable the two options "Use for signing" and "Use for encryption", and leave all other settings at their defaults (as shown on the screenshot), then Save.

[Screenshots: SCEP Profile Configuration]

Now you need to assign this profile to your devices/users, then Save.

After saving, you can check the compliance status by clicking view details on the profile.

[Screenshot: Profile Distribution Status]
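The SCEPman-side steps from "Enable Mosyle Integration", scripted with the Azure CLI as an added example (not part of the SCEPman documentation): because one static password authenticates every signing request, it is generated from a CSPRNG, stored in Key Vault, and referenced from AppConfig:StaticValidation:RequestPassword through an App Service Key Vault reference. The resource group, app, vault and secret names are placeholders, and the example assumes a Windows App Service whose managed identity may read secrets in that vault.

```shell
#!/bin/sh
# Added example, not SCEPman or Mosyle tooling. All four names are placeholders.
RG="rg-scepman-example"
APP="app-scepman-example"          # the App Service WITHOUT "-cm" in its name
VAULT="kv-scepman-example"
SECRET="scepman-static-challenge"

# 32 alphanumeric characters from the kernel CSPRNG (about 190 bits of entropy).
# Alphanumeric only, so the value survives copy/paste into the Challenge field.
gen_challenge() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

# App Service Key Vault reference: the app setting holds a pointer, not the secret.
kv_reference() {
  printf '@Microsoft.KeyVault(VaultName=%s;SecretName=%s)' "$1" "$2"
}

# Store the challenge, apply the four settings from the table, restart the app.
# On a Linux App Service the ':' in setting names is written as '__'.
apply_settings() (
  set -e
  pw=$(gen_challenge)
  az keyvault secret set --vault-name "$VAULT" --name "$SECRET" \
    --value "$pw" --output none
  az webapp config appsettings set -g "$RG" -n "$APP" --output none --settings \
    "AppConfig:StaticValidation:Enabled=true" \
    "AppConfig:StaticValidation:RequestPassword=$(kv_reference "$VAULT" "$SECRET")" \
    "AppConfig:StaticValidation:ValidityPeriodDays=365" \
    "AppConfig:StaticValidation:EnableCertificateStorage=true"
  az webapp restart -g "$RG" -n "$APP"   # settings take effect after a restart
)

# Run with the argument "apply" to change Azure; without it, only the
# functions above are defined.
if [ "${1:-}" = "apply" ]; then
  apply_settings
fi
```

The same secret value goes into the Challenge field of the Mosyle SCEP profile; it can be read back from the vault with `az keyvault secret show` by an operator who has access to it.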