LogoLogo
LogoLogo
  • Welcome
  • Details
  • Editions
  • Use Cases
  • SCEPMAN Deployment
    • Getting Started
      • Standard Guide
      • Extended Guide
    • Permissions
      • Azure App Registration
      • Managed Identities
    • Deployment Options
      • Marketplace deployment
      • Enterprise deployment
      • Terraform deployment
    • Root CA
    • Intermediate CA
  • Certificate Management
    • Revocation
    • Microsoft Intune
      • Windows
        • Certificate Based Authentication for RDP
      • macOS
      • Android
      • iOS/iPadOS
      • Linux
    • Jamf Pro
      • General Configuration
      • Computers
      • Devices
      • Users
    • Other MDM Solutions
      • Google Workspace
        • ChromeOS
      • Kandji
      • Mosyle
      • SOTI MobiControl
    • Certificate Master
      • Manage Certificates
      • Certificate Signing Request (CSR)
      • TLS Server Certificate
      • Sub CA Certificate
      • Code Signing Certificate
      • Client Certificate
      • User Certificate
    • Domain Controller Certificates
    • Enrollment REST API
      • Self Service Enrollment
        • Intune Managed Linux Client
        • Unmanaged Linux Client
      • API Enrollment
        • Linux Server
        • Windows Server
      • SCEPmanClient
  • Azure Configuration
    • Application Insights
    • App Service Sizing
      • Autoscaling
    • Custom Domain
    • Geo-Redundancy
    • Health Check
      • Using 3rd Party Monitoring
    • Log Management
    • Moving Resources
    • Private Endpoints
    • Split-Tenancy
  • Update Strategy
  • SCEPman Configuration
    • SCEPman Settings
      • Basics
      • Certificates
      • Certificate Master
      • CRL
      • Dependencies (Azure Services)
        • Azure KeyVault
        • Logging
        • Microsoft Entra ID (Azure AD)
        • National Cloud Platforms
      • Enrollment REST API
      • OCSP
      • SCEP Endpoints
        • DC Validation
        • Intune Validation
        • Jamf Validation
        • Static Validation
        • Static-AAD Validation
    • Certificate Master Settings
      • Basics
      • Microsoft Entra ID (Azure AD)
      • Logging
      • National Cloud Platforms
    • Application Artifacts
    • Certificate Master RBAC
    • Device Directories
    • Intune Strong Mapping
  • Other
    • Security & Privacy
    • Support
    • Licensing
      • Azure Marketplace
    • FAQs
      • General
      • Certificate Connector
      • Network Access Controllers
      • Renewing SCEPman Root CA
    • Troubleshooting
      • Common Problems
      • Certifried Security Vulnerability
      • Cisco ISE Host Header Limitation
      • Intune service discovery API permissions
      • Re-enrollment trigger
  • Uninstallation
  • Change Log
  • Links
  • SCEPman Website
Powered by GitBook
On this page
  • AppConfig:AnonymousHomePageAccess
  • AppConfig:BaseUrl
  • AppConfig:LicenseKey
  • AppConfig:RemoteDebug
  • AppConfig:CertificateStorage:TableStorageEndpoint
  • AppConfig:EnableCertificateStorage
  • AppConfig:SCEPResponseEncryptionAlgorithm
  • WEBSITE_RUN_FROM_PACKAGE

Was this helpful?

  1. SCEPman Configuration
  2. SCEPman Settings

Basics

Last updated 27 days ago

Was this helpful?

These settings should only be applied to the SCEPman App Service, not the Certificate Master. Please refer to .

AppConfig:AnonymousHomePageAccess

Linux: AppConfig__AnonymousHomePageAccess

Value: true or false

Description: When not configured or set to true, anyone on the internet knowing the app service's URL can access the SCEPman Homepage and see status information like the SCEPman version and whether SCEPman is up and running (except if you prevent this with a firewall). We consider this non-sensitive information, but if you want to hide it, set this to false. Then, the homepage is deactivated for browser access and this information is not visible anymore.

AppConfig:BaseUrl

Linux: AppConfig__BaseUrl

Value: App Service Name or

Description: This defines the public OCSP endpoint URL for the certificates. By default, the value contains the App Service Name. If you want to use a , you need to change this value.

AppConfig:LicenseKey

Linux: AppConfig__LicenseKey

Value: empty or license key

Description: If you are using a trial deployment or the community edition this field leaves empty. After you purchased the Enterprise Edition you will receive a license key from us, then you can insert this key into this setting.

AppConfig:RemoteDebug

Linux: AppConfig__RemoteDebug

Value: Date or false

Description: You can send Debug log information to a cloud-based monitoring solution of our company for support reasons. This can speed up support cases.

You can activate and deactivate this feature by changing the value to the date until when the remote debug logging should be enabled. After this date, SCEPman will keep sending debug logs until it restarts. Microsoft App Services restart automatically every now and then, usually in a two-week timeframe. We recommend setting the value to the date in one week in the format YYYY-MM-DD. For example, on 2025-05-05, you would set this to 2025-05-12.

Up until version 2.8, you could also use 'true'. This is not possible anymore starting with SCEPman and Certificate Master version 2.9 and newer.

Do not forget to restart SCEPman App Service after enabling and saving the setting.

AppConfig:CertificateStorage:TableStorageEndpoint

Linux: AppConfig__CertificateStorage__TableStorageEndpoint

This defines which Table Storage Endpoint to use for checking manual certificate revocations. If you remove this setting, SCEPman will not use the database for revocation checks.

Changes can harm your service!

AppConfig:EnableCertificateStorage

Linux: AppConfig__EnableCertificateStorage

Applicable to version 2.8 and above

Value: true or false (default)

Description: When requesting certificates, SCEPman stores those requested certificates in the Storage Account in Azure if this is set to true and when this setting is not explicitly overridden with false for the specific endpoint. This will make the issued certificates appear in SCEPman Certificate Master, where you can view and revoke them manually. Additionally, certificates are revoked automatically depending on the specific SCEP endpoint used for enrollment. If set to false or not set, SCEPman will only store issued certificates for those endpoints where certificate storage has been explicitly enabled. If a certificate is not stored, they are visible only in the logs or if the SCEP client stores them somewhere.

AppConfig:SCEPResponseEncryptionAlgorithm

Linux: AppConfig__SCEPResponseEncryptionAlgorithm

The algorithm used to encrypt SCEP responses. Reasonable values include "2.16.840.1.101.3.4.1.42" for AES-256-CBC (the default) and "2.16.840.1.101.3.4.1.2" for AES-128-CBC.

Changes can harm your service!

WEBSITE_RUN_FROM_PACKAGE

This setting points to the Application Artifacts that will be loaded by starting the App Service. Please have a look at these instructions: .

SCEPman Settings
https://customcname.domain.com
Custom Domain
Application Artifacts