General

AppConfig:ActiveDirectory:Keytab

Linux: AppConfig__ActiveDirectory__Keytab

Value: Output from New-SCEPmanADPrincipal

Description: The encoded Kerberos keytab of the service principal created by New-SCEPmanADPrincipal. The keytab is encrypted using the public key of SCEPmans CA certificate which allows for a secure transfer of this information. Technically, the encryption is a PKCS#7 encrypted to the CA certificate's private key.

While the keytab itself is sensitive information, this encypted value can only be decrypted by the CA certificate and SCEPman holds the keytab only in memory, so it requires no special security precautions like configuring this value in a Key Vault secret instead of an environment variable.

AppConfig:ActiveDirectory:GroupFilter

Linux: AppConfig__ActiveDirectory__GroupFilter

Value: Comma-separated list of AD groups specified by their SID

Description: This setting allows to limit the usage of the endpoint to members of the specified Active Directory groups.

AppConfig:ActiveDirectory:RenewalThresholdPercentage

Linux: AppConfig__ActiveDirectory__RenewalThresholdPercentage

Value: Floating point number of the percentage. Default is 0.2 (20%)

Description: If the remaining validity of a certificate falls below this percentage of the total certificate validity, a renewal should be triggered on the client side.

AppConfig:ActiveDirectory:BaseUrl

Linux: AppConfig__ActiveDirectory__BaseUrl

Value: https://scepman.contoso.com

Description: This defines the base URL of the Active Directory endpoint that will be displayed on the SCEPman homepage and will be returned in the policies requested by your clients. Defaults to AppConfig:BaseUrl

This setting should only be set if you require your Active Directory endpoint to be accessed at a different URL than SCEPman in general.

Last updated 2 days ago

Was this helpful?