• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
Guidelines
Seize the moment! nominate yourself or a tech enthusiast you admire & join the HP Community Experts!
A_Gayathri
HP Administrator
‎01-10-2026 12:26 PM
Views : 884
No ratings

SCEP support for Studio X or G7500

 

Browse to Studio X or G7500 and navigate to Security > Certificates > SCEP > View and enter the SCEP details.

 

The below example is using a Windows 2019 Server.

 

The SCEP Challenge Password is the enrollment challenge password when using a Windows Server

A_Gayathri_0-1768071983284.png

 

 

The Common Name (CN) is the Network > Lan Network > Lan Options > Host Name 

A_Gayathri_1-1768071983255.png

 

The Studio X or G7500/G62 Web UI once the Certificate is succesfully installed:

A_Gayathri_2-1768071983924.png

 

With PolyOS 4.2 the TC device (running TCOS 6.0.0 or later) added SCEP support so the TC device can download the Root and the Device certificate.

A_Gayathri_3-1768071983257.png

 

 

NOTE: At present, the TC device does not support the dynamic challenge passwords as it gets a copy of the SCEP information from a paired Studio X or G7500. When using dynamic single-use passwords only the paired Studio X or G7500 will be able to gather device certificates. 

When applying the Device Certificate to both the Studio / G7500 / G62 or the TC device ensure it has Client Authentication or when using TLS the server cannot Authenticate the Certificate:

A_Gayathri_4-1768071983964.png

 

 

A_Gayathri_5-1768071983288.png

 

 

False:

A_Gayathri_6-1768071983848.png

 

To allow a Windows SCEP/NDES Server to use a static SCEP Challenge Password follow >this<

 

 

•Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP\UseSinglePassword
•Name: UseSinglePassword
•Type: REG_DWORD
•Value: 1

 

 

A_Gayathri_7-1768071983813.png

 


As the password is now static it needs to be stored via the registry, the user account used for the NDES service account should therefore be granted Full control write permission via Allow to the MSCEP registry key.

A_Gayathri_8-1768071983806.png

 

 

A_Gayathri_9-1768071983345.png

 

 

In addition the IIS Application Pool for SCEP, if the NDES service account is a domain account, the "Load User Profile" option must still be enabled in the advanced configuration of the IIS application pool.

A_Gayathri_10-1768071984058.png

 

or via Power Shell:

 

 

Import-Module -Name WebAdministration
Set-ItemProperty IIS:\AppPools\SCEP -name processModel -value @{LoadUserProfile="true"}

 

 

Don't forget to reboot the SCEP server or simply restart IIS

A_Gayathri_11-1768071983259.png

 

Source

Need help or have any questions? Start a new discussion here and get the answers you need.

0 Kudos
Was this article helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.