Understanding the automated certificate management feature
You can configure MVE to manage printer certificates automatically, and then install them to the printers through configuration enforcement. The following diagram describes the end-to-end process of the automated certificate management feature.
The certificate authority endpoints, such as the CA server and server address, must be defined in MVE.
The following CA servers are supported:
OpenXPKI CA
—Users can use either of the following protocols:
Secure Certificate Encryption Protocol (SCEP)
EST Connector
EST is the recommended way to connect to the OpenXPKI server.
For more information on configuring OpenXPKI CA using EST protocol, see
For more information on configuring OpenXPKI CA using SCEP protocol, see
Microsoft CA Enterprise
—Users can use either of the following protocols
Secure Certificate Encryption Protocol (SCEP)
Microsoft Certificate Enrollment Web Services (MSCEWS)
MSCEWS is the recommended way to connect to the Microsoft CA Enterprise server.
For more information on configuring Microsoft CA using MSCEWS protocol, see
For more information on configuring Microsoft CA using SCEP protocol, see
The connection between MVE and the CA servers must be validated. During validation, MVE communicates with the CA server to download the certificate chain and the Certificate Revocation List (CRL). The enrollment agent certificate or test certificate is also generated. This certificate enables the CA server to trust MVE.