SCEPman
Search…
DC Validation

AppConfig:DCValidation:Enabled

Applicable to version 1.6 and above
SCEPman Enterprise Edition only
Value: true or false
Description: This setting helps you to request Kerberos server certificates for your on-premises Domain Controllers. See Domain Controller Certificates for details.
True: SCEPman listens at the additional SCEP server endpoint with the path /dc. Use in conjunction with AppConfig:DCValidation:RequestPassword. False (default): SCEPman does not issue certificates for Domain Controllers.

AppConfig:DCValidation:RequestPassword

Applicable to version 1.6 and above
SCEPman Enterprise Edition only
Value: String
Description: A challenge password that the Domain Controllers must include in every SCEP request to acquire a certificate. Only used if AppConfig:DCValidation:Enabled is set to true.
We recommend to define this setting as Secret in Azure Key Vault. The Secret must have the name AppConfig--DCValidation--RequestPassword.

AppConfig:DCValidation:ValidityPeriodDays

Applicable to version 1.7 and above
SCEPman Enterprise Edition only
Value: Positive Integer
Description: This setting further reduces the global ValidityPeriodDays for the Domain Controller endpoint. For example, you may define a low value like 10 days here and reduce the validity of Domain Controller certificates, while still having a long validity for your client certificates.
Last modified 1mo ago