Identifying Issued SCEP Certificates for iOS Enrollment

Article:TECH201445  |  Created: 2013-01-08  |  Updated: 2013-01-08  |  Article URL http://www.symantec.com/docs/TECH201445
Article Type
Technical Solution


Environment

Issue



During typical iOS Device enrollment, SCEP certificates are issued to iOS devices with a generic subject. The serial number of the certificate will be unique but not easy to identify for a specific device or user.


Environment



Symantec Mobile Management for Configuration Manager 7.x


Cause



The NDES requests a unique certificate but only the serial number differentiates the certificates. The serial number is not a convenient way to trace the certificate to the device.


Solution



In MMCM 7.x, you can use a variable in the SCEP configuration. Authentication must be enabled for this variable to work.

  1. In the iOS side of the Configuration Editor, open your SCEP configuration.
  2. In the Subject field, change the text to: CN={USERNAME}
  3. Save the configuration.
  4. Re-enroll your iOS device.
  5. Examine the CA issued certificates list and check the Issued Common Name.



Article URL http://www.symantec.com/docs/TECH201445


Terms of use for this information are found in Legal Notices