Administration Guide

SCEP

FortiAuthenticator contains a Simple Certificate Enrollment Protocol (SCEP) server that can sign user CSRs, and distribute CRLs and CA certificates. To use SCEP, you must:

  • Enable HTTP administrative access on the interface(s) connected to the Internet. See Network.
    Note: The recommended configuration for SCEP interfaces includes:

    • One dedicated interface for system administration, with IP address restriction enforced on admin access.
    • One dedicated interface for service provisioning.
    • One dedicated interface for the HA heartbeat when configured in an HA cluster.

Users can request a user certificate through online SCEP, found at http://<FortiAuthenticator-IP-Address>/app/cert/scep.

This section contains the following topics:
