Installing Microsoft NDES on a Windows server
Information about installing NDES on a Windows server that is available on your network.
You can use the same server for certificate integration with Cloud Extender®, but install NDES and the Cloud Extender certificate integration on a different server than your CA. You can install NDES from the Microsoft Server Manager. Cloud Extender only needs to communicate with NDES to receive device certificates. If you have not installed NDES on your Windows Server, see the Microsoft article at https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx for instructions on how to enable NDES on the Microsoft server.
Required permissions to set up Microsoft NDES
Permission | Description |
---|---|
SCEP Admin | The user who logs into the server and installs NDES. This user must meet the following requirements:
|
SCEP Service Account | The credentials that are used to run the NDES service. This account must have the following credentials:
|
Device Administrator | The user who manages the devices and requests a one-time password from the service to
enable security enrollment. This user must have Enroll permissions on the certificate template that is used by NDES to request certificates against the CA. |
Confirming that SCEP is working on the Cloud Extender server
- From Internet Explorer on the Cloud Extender server, go to the SCEP Admin URL at http://<ServerName>/certsrv/mscep_admin/.
- Provide the credentials for the Device Administrator. As an example, the following type of window might be displayed: