Summary
Deploy the Simple Certificate Enrollment Protocol (SCEP) Server to use TMMS versions that support iOS.
Details
Before deployment, you must have the following:
- Windows Server 2008 or Windows Server 2008 R2 (not Windows Server 2003) to deploy the SCEP server for iOS use
- Server with a Certificate Authority (CA) available
To deploy a SCEP server in a Windows Server 2008:
- Go to Start > Administrative Tools > Server Manager.
- Select Roles > Add Roles.
- Click Next.
- Tick the Active Directory Certificate Services role checkbox.
- Click Next twice.
- Select Network Device Enrollment Service and click Next.
If you installed the CA in the same machine, select Active Directory Certificate Services to Add Role Sevices.
- Accept the default settings for installing IIS to the server.
Network Device Enrollment Service (NDES) requires IIS.
- Specify the user account NDES that you will use (required: add it to the local IIS_IUSRS group first), and click Next.
- Fill out the contact information (if desired), and click Next.
- On the Cryptography section, change the Key character length (if needed), click Next.
- Review the information and click Install.
Take note of the installation results. - Restart the server and then log back in using the NDES user account.
- Open the Registry Editor using the "regedit" command.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\UseSinglePassword and set the UseSinglePassword value to "1".
- Restart IIS.
- Access the SCEP Server admin via http://<scep_server>/certsrv/mscep_admin/ to view the password.
