Enable the Required Templates

Keyfactor SCEP requires a minimum of three Microsoft certificate templates and one Microsoft Certificate Authority (CA) for proper operation.

Infrastructure Templates

The Keyfactor SCEP server requires two specific infrastructure certificates:

  • Encryption certificate: This certificate is based on the CEP Encryption Microsoft CA certificate template.

  • Signing certificate: This certificate is based on the Exchange Enrollment Agent (Offline request) certificate template.

These certificates can be enrolled automatically using the Keyfactor SCEP configuration tool. If you choose the automated certificate request option during the configuration process, these Microsoft templates must be available for enrollment from at least one Certificate Authority (CA) in your environment.

Note:  The CA used to request the Keyfactor SCEP infrastructure certificates does not need to be the same CA used for Keyfactor SCEP enrollment certificates.

Important:  The built-in Microsoft templates have a 1024-bit key size that cannot be modified through the standard template management interface. Certificates you acquire using these standard templates will therefore have 1024-bit keys. If you would prefer to use SCEP certificates with stronger keys, you will need to first create templates that allow you to enroll for those certificates (see Create Custom Keyfactor SCEP Templates (Optional)), enroll for the certificates (see Create the Keyfactor SCEP Certificates), and configure Keyfactor SCEP to use those certificates (see Installing the Keyfactor SCEP Server).

Enrollment Template

In addition to the infrastructure templates, you also need to configure a template for Keyfactor SCEP enrollment certificates. This template will be selected in the Keyfactor SCEP server configuration tool. Be sure to choose an appropriate template that meets the security requirements for your Keyfactor SCEP enrollment process.
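
To find certificates that were issued with the 1024-bit keys described in the Important note above, the following PowerShell audit lists each RSA certificate in a store with its issuing template and key size. This is an added example, not part of the Keyfactor documentation or tooling; it assumes the certificates are in Cert:\LocalMachine\My on the Keyfactor SCEP server and treats 2048 bits as the minimum acceptable size, both of which you should adjust to your environment and policy.

```powershell
# Added example: audit RSA key sizes of certificates in a Windows certificate store.
# Assumptions (not from the Keyfactor documentation): the certificates of interest
# are in Cert:\LocalMachine\My, and 2048 bits is the minimum acceptable key size.
param(
    [string]$StorePath   = 'Cert:\LocalMachine\My',
    [int]   $MinimumBits = 2048
)

# Extensions a Microsoft CA adds to record which template issued the certificate.
$TemplateNameOid = '1.3.6.1.4.1.311.20.2'   # version 1 templates (template name)
$TemplateInfoOid = '1.3.6.1.4.1.311.21.7'   # version 2+ templates (template information)

function Get-TemplateLabel {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($oid in $TemplateNameOid, $TemplateInfoOid) {
        $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
        if ($ext) { return $ext.Format($false) }   # human-readable template name/info
    }
    return '(no template extension)'
}

$report = foreach ($cert in Get-ChildItem -Path $StorePath) {
    # Returns $null for non-RSA keys (for example ECDSA), which are skipped here.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if (-not $rsa) { continue }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Template   = Get-TemplateLabel -Cert $cert
        KeyBits    = $rsa.KeySize
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        Weak       = $rsa.KeySize -lt $MinimumBits
    }
}

# Smallest keys first, so 1024-bit certificates appear at the top of the table.
$report | Sort-Object KeyBits | Format-Table -AutoSize -Wrap

$weak = @($report | Where-Object { $_.Weak })
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) certificate(s) have RSA keys below $MinimumBits bits."
}
```

Certificates enrolled from the built-in infrastructure templates should appear with KeyBits of 1024; certificates enrolled from custom templates with a larger minimum key size should not be flagged.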