Kandji's SCEP Profile feature allows you to distribute and re-distribute certificates to Apple devices automatically.
Only static challenges are supported when using the SCEP Library Item.
Create a SCEP Profile Library Item
Log in to your Kandji tenant before performing the next steps.
To add this Library Item to your Kandji Library, follow the steps outlined in the Library Overview article.
Give your SCEP Library Item a name.
Select the desired Blueprints.
Input the base URL for your SCEP server.
Optionally, put in a display Name, Challenge, and Fingerprint.
Configure the Subject (optional), and Subject Alternative Name Type.
Configure the Key Size and Key Usage
.png)
Optionally, configure retry, access, export, expiration, and redistribution settings.
Other Considerations
Profile Redistribution
When the Automatic profile redistribution option is selected, Kandji will check the expiration date of the issued certificate and attempt to re-install the profile automatically to renew the certificate. When using this option, the $PROFILE_UUID will be appended to the Subject in the request.
Preventing Key Extraction
Using the Prevent the private key data from being extracted in the keychain option can prevent users from extracting the private key for the issued certificate.