Servers

    Simple Certificate Enrollment Protocol (SCEP) Add-on for Certificate Services

    Language:
    English
    The Simple Certificate Enrollment Protocol (SCEP) Add-on for Certificate Services runs on the Windows Server 2003 family. It provides support for the SCEP protocol which allows Cisco routers and other intermediate network devices to obtain certificates.
    • Version:

      5.131.3790.1053

      File Name:

      cepsetup.exe

      Date Published:

      8/24/2012

      File Size:

      171 KB

        The Simple Certificate Enrollment Protocol (SCEP) Add-on for Certificate Services runs on Windows Server 2003 family. It provides support for the SCEP protocol which allows Cisco routers and other intermediate network devices to obtain certificates.This update addresses the following issue:
        • Added support for clients that do not supply the Key Usage in the PKCS#10 request to the certificate authority (CA). This update will allow the CA to accept a request where no Key Usage is specified in the request. The CA will include the proper Key Usage automatically in the issued certificate.
    • Supported Operating System

      Windows Server 2003


        You can download and install the SCEP Add-on for Certificate Services on the following platforms:
        • Windows Server 2003, Standard Edition
        • Windows Server 2003, Enterprise Edition
        • Windows Server 2003, Datacenter Edition

        1. Click the Download link to start the download.
        2. In the File Download dialog box, select Save this program to disk.
        3. Select a location on your computer to save the file, and then click Save.
        4. In Windows Explorer, go to the location where you saved the downloaded file, double-click the file to start the installation process, and then follow the installation instructions.

      • Important notes before you start:
        • You must install the SCEP Add-on for Certificate Services on a certification authority (CA). Both enterprise CAs and stand-alone CAs are supported. You can install the SCEP Add-on for Certificate Services on a root or subordinate CA.
        • If you are using Cisco routers to enroll for certificates, they must be running Cisco IOS Release 12.2(6) or later.
        • When using a standalone CA, the CA should be in a separate certification hierarchy from all other CAs in your organization. This helps prevent any unintended trust of SCEP clients.
        • You must have proper administrative privileges to install the SCEP Add-on for Certificate Services. By default, you need to be a member of the Enterprise Administrators group and the root Domain Administrators group to install this add-on on an enterprise CA, or you need to be a member of the local computer's administrators group to install this add-on on a standalone CA.
        • The SCEP Add-on for Certificate Services cannot be installed on a CA that has any non-alphanumeric characters (&,*, :, ;, ', ", etc.) in its name.
        • The SCEP Add-on can either be configured to use the local system account or a user account to connect to the CA for certificate enrollment. When using a user account, the account must be a member of the IIS_WPG security group and have Read and Enroll permission for the IPSec (Offline request) certificate template. If the CA is an enterprise CA, the user account must be an Active Directory user account and must have additional configuration steps performed. For more information, see the documentation for the SCEP Add-on for Certificate Services located in the Windows Server 2003 Resource Kit documentation.
        • The CA that issues the SCEP certificate must publish its certificate revocation list (CRL) to an HTTP URL that the router can contact. The CRL location must be an HTTP location for the router to retrieve it and verify the revocation status of its certificate. In addition, the CRL location must be specified as a CRL Distribution Point (CDP) in the issued certificate for the router to locate it.
        • When using a standalone CA with SCEP as a separate certification hierarchy, the root CA's certificate and chain should not be trusted by other clients in the enterprise. In this configuration, the SCEP-oriented PKI is only intended for trust by intermediate network devices that use SCEP.

    Popular downloads

    Loading your results, please wait...

    Free PC updates

    • Security patches
    • Software updates
    • Service packs
    • Hardware drivers

    Microsoft suggests

    Download a free trial of Windows Server 2012 R2.
    Windows Server 2012 R2 free trial
    Experience the new and enhanced capabilities.
    Free trial