none
How to define challenge password (SCEP) manually in windows 2008 Enterprise CA

    Question

  • reference doc (I can't past link, so I just list doc name):
    Network Device Enrollment Service (NDES) in Active Directory Certificate Services (AD CS)

    ==

    The doc said this one-time password is random.

    We can modify Registry to change password length and valid time.

    But I can't find how to define this password manually.

    e.g.  I want to set 3 password in password list/cache : aaaaa, bbbb, cccc.

    Someone know how to does this ?   

    Thanks.


    • Edited by dognull Friday, December 07, 2012 1:26 AM change some word
    Friday, December 07, 2012 1:24 AM

Answers

  • The password generated by NDES/SCEP is part of the authentication/authorization process implemented in SCEP. A Device admin accesses the SCEP- admin page and receives a temporary/one-time password. The password is used on the device to authorize the certificate request.

    By using a static password, you are going to mix different sessions and break the whole authorizations/security model!

    /Hasain

    Monday, December 10, 2012 10:20 PM

All replies

  • The password generated by NDES/SCEP is part of the authentication/authorization process implemented in SCEP. A Device admin accesses the SCEP- admin page and receives a temporary/one-time password. The password is used on the device to authorize the certificate request.

    By using a static password, you are going to mix different sessions and break the whole authorizations/security model!

    /Hasain

    Monday, December 10, 2012 10:20 PM
  • Hi,
     
    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
      
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
      
    Best Regards
      
    Kevin
    Thursday, December 13, 2012 1:48 AM