Enrollment REST API

Last updated 1 month ago


SCEPman Enterprise Edition only

Applicable to version 2.3.689 and above

These settings should only be applied to the SCEPman App Service, not the Certificate Master. Please refer to SCEPman Settings.

AppConfig:DbCSRValidation:Enabled

Linux: AppConfig__DbCSRValidation__Enabled

Value: true or false (default)

Description: This is a REST API endpoint that custom scripts and processes can use. See our article on how to use the REST API for details.

AppConfig:DbCSRValidation:ValidityPeriodDays

Linux: AppConfig__DbCSRValidation__ValidityPeriodDays

Value: Positive Integer

Description: This setting further reduces the global ValidityPeriodDays for the REST API endpoint. For example, you may define a value like 365 days here and set the global AppConfig:ValidityPeriodDays to 730. Then, certificates issued through the API will have one year validity, while certificates issued through other endpoints may be valid up to two years.

Additionally, you can include an extension in your PKCS#10 requests to enroll certificates with a specific individual validity that is lower than the one configured here.

AppConfig:DbCSRValidation:AllowRenewals

Linux: AppConfig__DbCSRValidation__AllowRenewals

Value: true or false (default)

AppConfig:DbCSRValidation:ReenrollmentAllowedCertificateTypes

Linux: AppConfig__DbCSRValidation__ReenrollmentAllowedCertificateTypes

Value: Comma-separated list of certificate types from this list:

  • DomainController

  • Static

  • IntuneUser

  • IntuneDevice

  • JamfUser

  • JamfUserWithDevice

  • JamfUserWithComputer

  • JamfDevice

  • JamfComputer

Description: You can use the simplereenroll endpoint for certificates of the types specified in this setting. If you do not specify any value, it defaults to no types, i.e. you cannot use the simplereenroll endpoint.

For example, if you wanted to renew certificates issued manually through Certificate Master, you would specify Static. If you also want to renew Domain Controller certificates, you would specify DomainController,Static.

Description of AppConfig:DbCSRValidation:AllowRenewals: This allows using the EST "simplereenroll" endpoint, enabling certificate renewal using mTLS. It works only for certificate types added to AppConfig:DbCSRValidation:ReenrollmentAllowedCertificateTypes.
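The four settings on this page interact: renewals need both AllowRenewals and a non-empty type list, and the API validity only takes effect when it is lower than the global one. The following linter is an added example, not SCEPman code, that checks a set of app settings for those conditions before deployment. The function names are hypothetical, `AppConfig__ValidityPeriodDays` is assumed to be the Linux form of the global setting (following the naming pattern shown above), and trimming whitespace around list entries is an assumption.

```python
ALLOWED_TYPES = {
    "DomainController", "Static", "IntuneUser", "IntuneDevice", "JamfUser",
    "JamfUserWithDevice", "JamfUserWithComputer", "JamfDevice", "JamfComputer",
}
PREFIX = "AppConfig__DbCSRValidation__"            # Linux form of the setting names
GLOBAL_VALIDITY = "AppConfig__ValidityPeriodDays"  # assumed Linux form of the global setting

def _flag(settings, name):
    """Read a true/false setting; the page gives false as the default."""
    return settings.get(PREFIX + name, "false").strip().lower() == "true"

def _days(value):
    """Parse a positive integer; None when unset or invalid."""
    try:
        days = int(value)
    except (TypeError, ValueError):
        return None
    return days if days > 0 else None

def lint_enrollment_api(settings):
    """Return (findings, effective API validity in days or None)."""
    findings = []
    if not _flag(settings, "Enabled"):
        findings.append("REST API endpoint is not enabled")
    raw = settings.get(PREFIX + "ReenrollmentAllowedCertificateTypes", "")
    types = [t.strip() for t in raw.split(",") if t.strip()]  # trimming is an assumption
    unknown = [t for t in types if t not in ALLOWED_TYPES]
    if unknown:
        findings.append("unknown certificate type(s): " + ", ".join(unknown))
    renewals = _flag(settings, "AllowRenewals")
    if renewals and not types:
        findings.append("AllowRenewals is true but no types are listed: simplereenroll is unusable")
    if types and not renewals:
        findings.append("types are listed but AllowRenewals is false")
    api_raw = settings.get(PREFIX + "ValidityPeriodDays")
    api_days, global_days = _days(api_raw), _days(settings.get(GLOBAL_VALIDITY))
    if api_raw is not None and api_days is None:
        findings.append("ValidityPeriodDays must be a positive integer")
    if api_days and global_days and api_days > global_days:
        findings.append("API ValidityPeriodDays exceeds the global value and reduces nothing")
    limits = [d for d in (global_days, api_days) if d]
    return findings, (min(limits) if limits else None)

SAMPLE = {  # constructed sample, not taken from a real deployment
    GLOBAL_VALIDITY: "730", PREFIX + "Enabled": "true",
    PREFIX + "ValidityPeriodDays": "365", PREFIX + "AllowRenewals": "true",
    PREFIX + "ReenrollmentAllowedCertificateTypes": "DomainController,Static",
}
if __name__ == "__main__":
    print(lint_enrollment_api(SAMPLE))
```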