SCEP Service

Simple Certificate Enrollment Protocol for mkcert

SCEP Service Overview

SCEP (Simple Certificate Enrollment Protocol) allows devices to automatically request and receive certificates from this mkcert Web UI service. This implementation provides a simplified SCEP server that generates certificates using mkcert.

Note: This is a simplified SCEP implementation designed for development and testing environments. For production use, consider a full-featured SCEP server.

SCEP Configuration

Use these URLs to configure SCEP clients:

SCEP Service URL: Loading...

Get CA Certificate: Loading...

Get CA Capabilities: Loading...

Enterprise CA Status

Checking Enterprise CA status...

Certificate Templates

Loading certificate templates...

Challenge Password Management

Generate challenge passwords for SCEP clients:

Identifier:

Expires In:

Active Challenge Passwords

Loading challenges...

Manual Certificate Generation

Generate certificates using SCEP workflow with Enterprise CA support:

Common Name (Domain): Primary domain name or identity for the certificate

Certificate Template: Choose template based on certificate usage

User Principal Name (UPN): Required for M365 User certificates

Subject Alternative Names (optional): Additional domains or IPs. One per line.

Challenge Password (optional): SCEP challenge password (optional if configured globally)

SCEP Certificates

Loading SCEP certificates...

Enterprise Integration Guide

MDM Integration

Configure your Mobile Device Management system to use this SCEP service:

SCEP URL: Loading...
Challenge: Configure via environment variables
Supported Templates: User, Computer, WiFi, M365User
Key Size: 2048 bits (RSA)

Compatible with: Microsoft Intune, VMware Workspace ONE, Cisco Meraki, Apple Profile Manager

Microsoft 365 Integration

For hybrid Azure AD environments, use the M365User template:

Template: M365User
UPN Format: user@domain.com
Subject Alternative Name: Automatically includes UPN
Key Usage: Digital Signature, Key Encipherment, Client Authentication

Required Environment Variables:

ENTERPRISE_CA_ENABLED=true
ENTERPRISE_CA_CERT_PATH=/path/to/ca.crt
ENTERPRISE_CA_KEY_PATH=/path/to/ca.key
ENTERPRISE_CA_ORGANIZATION="Your Organization"
ENTERPRISE_CA_ORGANIZATIONAL_UNIT="IT Department"

API Endpoints

GET /scep?operation=GetCACert - Retrieve CA certificate
POST /scep?operation=PKIOperation - Process certificate requests
POST /api/scep/certificate - Manual certificate generation
GET /api/scep/enterprise-ca/status - Enterprise CA status
GET /api/scep/templates - Available certificate templates
POST /api/scep/validate-upn - UPN validation for M365