Aamer M

asked on

Active Directory certificate services support for SCEP.

I want to install a standalone Microsoft Certificate Authority (ADCS) that is able to issue certificates to Cisco devices. The network guys need a CA that supports SCEP. We do not want to make any changes to the existing CA and want to build a temporary standalone CA for testing.
What additional steps are required to allow a Microsoft CA to issue IPsec certificates to network devices and support the SCEP protocol?

Is it enough to just install the subcomponent, or does it need some configuration?
Jakob Digranes

1. NDES/SCEP is installed on a separate CA server; you can install it into the existing hierarchy alongside your SubCA and underneath the existing root server. Just make sure it has no certificate templates until you've configured it correctly, so it won't issue any certificates until it's ready.

2. But you can also set up a new hierarchy with a new root, SubCA and SCEP server, without messing up your existing infrastructure.
Just make sure your certificate templates won't have autoEnrollment activated, or that permissions are set correctly.

Quite a lot more here:
https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
https://www.whitewinterwolf.com/posts/2017/10/05/how-to-configure-windows-as-a-scep-server-cisco-asa-enrollment/#_

Testing:
https://blogs.technet.microsoft.com/configmgrdogs/2015/08/24/so-you-want-to-test-your-ndesscep-certificate-enrollment/
ASKER CERTIFIED SOLUTION
Pete Long