Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create Device Certificate (SCEP)

You are here: Device Administration > Certificate Management > Certificates.

To create an SCEP certificate:

  1. Click Create available on the upper-right corner of the Certificates page.
  2. Click Device Certificate and select SCEP.
    The Create Device Certificate (SCEP) page appears.
  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.
    If you click OK, a new CA certificate with the provided configuration is created.
Table 1: Fields on the Create Device Certificate (SCEP) page



CA certificate name

Select one of the CA certificate names from the list or click Add CA certificate to add a new CA Certificate. For details on adding a CA certificate, see Add CA Certificate.

Digital signature

Select a digital signature from the list. That is, RSA-1024, RSA-2048, or RSA-4096. By default, RSA-2048 is selected.


Enter a device certificate name.

Enrollment Parameters

Challenge password

Enter the CA challenge password for certificate enrollment and revocation.

This challenge password must be the same used when the certificate was originally configured.


Select the digest from the list that you want to associate with the certificate. The options are: MD-5 Digests or SHA-1 digests.


Select the encryption method from the list for the CA certificate. The options are: DES Encryption or DES-3 Encryption.

Auto re-enrollment

Enable this option to request that the issuing CA replace a certificate before its specified expiration date.

Renew trigger time

Set the renew trigger time (in days). Default is 65 days and maximum is 85 days.

Re-generate key pair

Enable this option to automatically generate a new key pair when a device certificate is automatically re-enrolled.

Subject (Minimum of one field required)

Domain component

Enter the domain component that you want to associate with the certificate.

Common name

Enter a common name for the certificate.

Organizational unit name

Enter the name of the organizational unit that you want to associate with the certificate.

Organizational name

Enter the name of the organization that you want to associate with this certificate.

Serial number

Device serial number is autopopulated.


Enter the origin locality name.


Enter the origin state name.


Enter the origin country name.

Subject Alt Name

Domain name

Enter a domain name that you want to associate with the certificate.


Enter an email address of the entity owning the certificate.

IPv4 address

Enter the IPv4 address of the device.

IPv6 address

Enter the IPv6 address of the device.



Select the digest from the list. The options are: SHA-1 digests or SHA-256 digests.