MaaS360 Cloud Extender can talk to a PKI to request Identity Certificates for enrolled iOS devices.
The Certificate Service Integration involves creating a Certificate Template on the Microsoft SCEP server (the server that runs the NDES service) and setting the new Certificate Template as the default template.
This article details the steps involved in setting up the default template on the SCEP server.
This is done via the Windows Registry on the NDES server:
1. Log in to the SCEP server with Administrative credentials.
2. Open the registry editor (Start -> Run -> Regedit.exe).
3. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP
4. Change the values of the following registry keys to the name of the template:
   a. EncryptionTemplate
   b. GeneralPurposeTemplate
   c. SignatureTemplate
PS: You will need to set these registry keys to the Template Name.
A Template Display Name is present as well, and it should not be used.
The Template Name is the name without any spaces.
Then restart the IIS server:
1. Start a Command Prompt with Admin privileges on the SCEP server (Start -> Cmd -> Right Click -> Run As Admin).
2. Type: iisreset
Senior Customer Success Manager, MaaS360.
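The registry change and IIS restart described above can also be scripted. The following PowerShell is an added example, not part of the original article or of MaaS360's tooling; the function name Set-NdesDefaultTemplate and the template name 'MaaS360iOSIdentity' are hypothetical. It rejects a name containing whitespace, since that would be the Template Display Name rather than the Template Name.

```powershell
#Requires -RunAsAdministrator
# Added example: set the NDES default templates, then restart IIS.
# 'MaaS360iOSIdentity' is a hypothetical Template Name; substitute your own.

function Set-NdesDefaultTemplate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$TemplateName
    )

    $mscepKey   = 'HKLM:\Software\Microsoft\Cryptography\MSCEP'
    $valueNames = 'EncryptionTemplate', 'GeneralPurposeTemplate', 'SignatureTemplate'

    # The Template Name has no spaces; a value with whitespace is almost
    # certainly the Template Display Name, which must not be used here.
    if ($TemplateName -match '\s') {
        throw "'$TemplateName' contains whitespace; use the Template Name, not the Display Name."
    }
    if (-not (Test-Path $mscepKey)) {
        throw "$mscepKey not found on this server."
    }

    foreach ($name in $valueNames) {
        # Record the previous value so the change is visible in the output.
        $old = (Get-ItemProperty -Path $mscepKey -Name $name -ErrorAction SilentlyContinue).$name
        if ($old -eq $TemplateName) {
            Write-Verbose "$name already set to $TemplateName"
            continue
        }
        if ($PSCmdlet.ShouldProcess("$mscepKey\$name", "Set '$old' -> '$TemplateName'")) {
            Set-ItemProperty -Path $mscepKey -Name $name -Value $TemplateName
        }
    }

    # Read the values back so the change is confirmed before IIS is restarted.
    Get-ItemProperty -Path $mscepKey | Select-Object $valueNames | Format-List

    if ($PSCmdlet.ShouldProcess('IIS', 'iisreset')) {
        & iisreset
    }
}

Set-NdesDefaultTemplate -TemplateName 'MaaS360iOSIdentity' -Verbose
```

Running the function with -WhatIf lists the registry changes and the IIS restart without performing them.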
I am having an issue accessing the Signature and Encryption Templates defined in the registry keys; my program always reads the template defined in the General Purpose Template registry key, even though my Key Usage value is "Digital signature", i.e. 0x80.
Any thoughts or ideas will be really appreciated.
Just out of curiosity, have you tried accessing the Signature and Encryption Template registry keys with different certificate templates? As per your screenshot, you have defined all three templates with the same value; is there any specific reason, or have you kept the same value just for the blog?
As per the NDES documentation (briefly, the following):
"Service must receive PKCs#7 request containing the Key Usage extension of the enrollment request should be one of following"
So, can I have more than 3 templates or registry keys?
Thanks in advance!
~Surendra
Hi Surendra
From MS documentation: the NDES service looks for the template to use when sending a certificate request to that CA. The template will be based on the KeyUsage extension.
Also, can you confirm the Purpose field on your template under the Request Handling section? Found this on one of the Technet Blogs here:
Does that help?
Regarding setting up different templates for each purpose, I think this is possible, but from our product integration perspective, we just need the one template for all usages.
Senior Customer Success Manager, MaaS360.
It's good information, and I have already scanned all the web resources to find the answer and am still looking for it. Since SCEP only supports 3 registry keys, it is limited to 3 certificate templates per server, which I don't want, so SCEP might not be the right solution for me, but I still need to resolve the problem I am facing; maybe I am missing some server configuration (not sure as of today).
Thanks for the quick reply and nice blog.
~Surendra
Hello
We are attempting to set up VPN on demand in the Device profile.
Just wondering if you have docos on getting the Cloud Extender to talk to NDES? (And allowing options to be available in the Identity Certificate field under the iOS VPN device configuration profile.)