Installing a Certificate Using SCEP Enrollment

Before you begin

Note	Using SCEP enrollment establishes a direct connection between the managed device and the CA server. So be sure your device is connected to the CA server before beginning the enrollment process.

Procedure

Step 1	On the Devices > Certificates screen, choose Add to open the Add New Certificate dialog.
Step 2	Choose a device from the Device drop-down list.
Step 3	Associate a certificate enrollment object with this device in one of the following ways: Choose a Certificate Enrollment Object of the type SCEP from the drop-down list. Click (+), to add a new Certificate Enrollment Object, see Adding Certificate Enrollment Objects.
Step 4	Press Add, to start the automatic enrollment process. For SCEP enrollment type trustpoints, the CA Certificate status will transition from InProgress to Available as the CA Certificate is obtained from the CA server and installed on the device. The Identity Certificate will go from InProgress to Available as the device obtains its identity certificate using SCEP from the specified CA. Sometimes, a manual refresh might be required to obtain the identity certificate.
Step 5	Click the magnifying glass to view the Identity Certificate created and installed on this device.

What to do next

When enrollment is complete, a trustpoint exists on the device with the same name as the certificate enrollment object. Use this trustpoint in the configuration of your Site to Site and Remote Access VPN Authentication Method