Configuring the NDES server

From the server, log in as an SCEPAdmin
domain user.

From Server Manager, click

Manage

Add Roles and Feature

Click

Server Roles

, select

Active Directory Certificate Services

and all its features, and then click

From the AD CS Role Services section, clear

Certification Authority

Select

Network Device Enrollment Service

and all its features, and then click

From the Web Server Role (IIS) Role Services section, retain the default settings.

After installation, click

Configure Active Directory Certificate Services on the destination server

From the Role Services section, select

Network Device Enrollment Service

, and then click

Select the SCEPSvc
service account.

From the CA for NDES section, select either

CA name

Computer name

, and then click

From the RA Information section, specify the information, and then click

From the Cryptography for NDES section, do the following:

Select the appropriate signature and encryption key providers.

From the Key length menu, select the same key length as the CA server.

Click

Complete the installation.

You can now access the NDES server from a web browser as an SCEPSvc user. From the NDES server, you can view the CA certificate thumbprint, the enrollment challenge password, and the validity period of the challenge password.

Accessing the NDES server

Open a web browser, and then type

http://NDESserverIP
/certsrv/mscep_admin

, where

NDESserverIP

is the IP address of the NDES server.