AirWatch SCEP Proxy and Translation

SCEP Proxy

Overview

If your SCEP endpoint is not externally accessible to devices, AirWatch Device Services can act as the SCEP endpoint and forward SCEP traffic to the internal only SCEP server. AirWatch will not parse the request from the device or require access to the SCEP server’s private key, which improves security and provides flexible options for existing certificate infrastructure.

Supported Device Platforms

  • iOS
  • Windows Phone 8.1
  • SCEP with NDES
  • Generic SCEP
  • Entrust SCEP

Supported Certificate Authorities

High Level Design

image002.jpg

AirWatch Configuration

Step 1: CA Configuration

-          Ensure that the Enable Proxy check box is checked.

-          If ACC will be included, AirWatch SCEP Proxy should be checked by default.

image003.png

Step 2: Profile Configuration

-          Configure a SCEP payload.

 

SCEP Translation

Overview

With SCEP translation enabled, AirWatch Device Services behaves as a SCEP endpoint for the device while communicating the native protocol of the CA configured with AirWatch. It also forces the public-private key pair generation to be done on the device instead of through AirWatch, which improves security and CA performance. 

Supported Device Platforms

  • iOS only
  • Microsoft ADCS
  • Symantec – non escrowed profiles only

Supported Certificate Authorities

 

High Level Design

image004.jpg

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.