Before deployment, you must have the following:

• Windows Server 2008 or Windows Server 2008 R2 (not Windows Server 2003) to deploy the SCEP server for iOS use
• Server with a Certificate Authority (CA) available

To deploy a SCEP server in a Windows Server 2008:

1. Go to Start > Administrative Tools > Server Manager.
2. Select Roles > Add Roles.
3. Click Next. 
4. Tick the Active Directory Certificate Services role checkbox. 
5. Click Next twice.
6. Select Network Device Enrollment Service and click Next. 

   If you installed the CA in the same machine, select Active Directory Certificate Services to Add Role Sevices.

7. Accept the default settings for installing IIS to the server.
    

   Network Device Enrollment Service (NDES) requires IIS.
8. Specify the user account NDES that you will use (required: add it to the local IIS_IUSRS group first), and click Next. 
9. Fill out the contact information (if desired), and click Next. 
10. On the Cryptography section, change the Key character length (if needed), click Next. 
11. Review the information and click Install.  
    Take note of the installation results. 
12. Restart the server and then log back in using the NDES user account.
     

    To know more about NDES, refer to these articles:

    • Installation Document Guide (chapter2 page4)
    • Two improvements are available that shorten the time that is required to manage SCEP certificates by using the Network Device Enrollment Service in Windows Server 2008
13. Open the Registry Editor using the "regedit" command.
14. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\UseSinglePassword and set the UseSinglePassword value to "1".
15. Restart IIS.
16. Access the SCEP Server admin via http://<scep_server>/certsrv/mscep_admin/ to view the password.