Key terms

Read this section to familiarize yourself with the terms related to the Simple Certificate Enrollment Protocol (SCEP).

| Key term | Definition |
| --- | --- |
| Challenge password | Endpoints use a challenge password to communicate with SCEP. It authenticates the certificate requests coming from endpoints. The password can be used only once and expires within 60 minutes. Each enrollment requires a new challenge password. The challenge password is handled by the MDM: the MDM queries the SCEP admin at regular intervals and updates the challenge password. It is a substitution parameter in the template. |
| Thumbprint | Hash value for the CA certificate. |
| NDES | Network Device Enrollment Service. It allows you to obtain certificates for routers or other network devices using SCEP. It is the SCEP implementation by Microsoft. NDES is available as a service in Windows Server out of the box. It can also be installed from Server Manager. |