SCEP support for Studio X or G7500

• PolyOS 4.1.0 added SCEP to the Poly Studio X or G7500.
• PolyOS 4.2 added SCEP to the TC8 or TC10 device

Browse to Studio X or G7500 and navigate to Security > Certificates > SCEP > View and enter the SCEP details.

The below example is using a Windows 2019 Server.

The SCEP Challenge Password is the enrollment challenge password when using a Windows Server

The Common Name (CN) is the Network > Lan Network > Lan Options > Host Name 

The Studio X or G7500/G62 Web UI once the Certificate is succesfully installed:

With PolyOS 4.2 the TC device (running TCOS 6.0.0 or later) added SCEP support so the TC device can download the Root and the Device certificate.

NOTE: At present, the TC device does not support the dynamic challenge passwords as it gets a copy of the SCEP information from a paired Studio X or G7500. When using dynamic single-use passwords only the paired Studio X or G7500 will be able to gather device certificates. 

When applying the Device Certificate to both the Studio / G7500 / G62 or the TC device ensure it has Client Authentication or when using TLS the server cannot Authenticate the Certificate:

False:

To allow a Windows SCEP/NDES Server to use a static SCEP Challenge Password follow >this<

•Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP\UseSinglePassword
•Name: UseSinglePassword
•Type: REG_DWORD
•Value: 1

As the password is now static it needs to be stored via the registry, the user account used for the NDES service account should therefore be granted Full control write permission via Allow to the MSCEP registry key.

In addition the IIS Application Pool for SCEP, if the NDES service account is a domain account, the "Load User Profile" option must still be enabled in the advanced configuration of the IIS application pool.

or via Power Shell:

Import-Module -Name WebAdministration
Set-ItemProperty IIS:\AppPools\SCEP -name processModel -value @{LoadUserProfile="true"} 

Don't forget to reboot the SCEP server or simply restart IIS

Source