Requesting Endpoint Certificates Using SCEP (Enterprise)

Simple Certificate Enrollment Protocol (SCEP) lets you simplify the retrieval and installation of digital certificates by enabling devices to obtain certificates automatically from a SCEP server.

Important: SCEP not supported on Remote Workstation Cards

Remote Workstation Cards cannot obtain a SCEP certificate from the PCoIP Management Console.

Tip: Organize endpoints into groups

Before you create an endpoint certificate, organize your endpoints into groups. See Organizing Endpoints into Groups.

Info: REQUEST CERTIFICATE option not enabled

Your PCoIP Zero Client must belong to the group defined in your SCEP certificate rule before the REQUEST CERTIFICATE option is enabled.

Info: View certificate information

PCoIP Management Console Enterprise Edition release 2.5+ users can reference SCEP certificate information displayed on the dashboard. This window is limited to SCEP issued certificates.

To create an endpoint certificate rule:

  1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

  2. Click NEW CERTIFICATE RULE.

  3. In the Groups field, click ADD to add a group that was set up on the ENDPOINTS page. If required, you can remove a group by highlighting it and clicking REMOVE.

  4. In the Server URI, field, type the Uniform Resource Identifier (URI) of the SCEP server that is configured to issue certificates for the group.

  5. In the Server Password field, type the password for the SCEP server.

  6. In the CA Identifier field, type the certification authority issuer identifier if your SCEP server requires it (the CA Identifier is supported for devices running firmware 5.4 or later). A CA Identifier is any string that is understood by the SCEP server (for example, a domain name).

  7. In the Use Certificate for 802.1X field, select True to configure 802.1x on the endpoint with SCEP certificates.

    Info: PCoIP Zero Clients and 802.1X

    PCoIP Zero Clients can be configure to use 802.1x with SCEP certificates, and have the endpoint present this certificate to the 802.1x authenticator.

  8. PCoIP Zero Clients support 802.1X authentication, which prevents unauthorized devices from gaining access to local area networks (LANs).

  9. Click SAVE.

To view an endpoint certificate rule:

  1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

  2. Click VIEW to review the details of an endpoint certificate rule.

  3. If there is more than one endpoint certificate rule, click PREV or NEXT to view additional certificate rules.

To edit an endpoint certificate rule:

  1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

  2. Highlight a certificate rule that you want to edit.

  3. Click EDIT to revise an endpoint certificate rule.

To delete an endpoint certificate rule:

  1. Click ENDPOINT CERTIFICATES to display the CERTIFICATE MANAGEMENT window.

  2. Highlight a certificate rule that you want to delete.

  3. Click DELETE to delete an endpoint certificate rule.

  4. In the DELETE CERTIFICATE RULE dialog box, click DELETE.