Identifying Issued SCEP Certificates for iOS Enrollment

book

Article ID: 157532

calendar_today

Updated On:

Products

Mobile Management

Issue/Introduction

During typical iOS Device enrollment, SCEP certificates are issued to iOS devices with a generic subject. The serial number of the certificate will be unique but not easy to identify for a specific device or user.

Cause

The NDES requests a unique certificate but only the serial number differentiates the certificates. The serial number is not a convenient way to trace the certificate to the device.

Resolution

In MMCM 7.x, you can use a variable in the SCEP configuration. Authentication must be enabled for this variable to work.

  1. In the iOS side of the Configuration Editor, open your SCEP configuration.
  2. In the Subject field, change the text to: CN={USERNAME}
  3. Save the configuration.
  4. Re-enroll your iOS device.
  5. Examine the CA issued certificates list and check the Issued Common Name.

Applies To

Symantec Mobile Management for Configuration Manager 7.x

Attachments