Amazon Private CA Connector for SCEP - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Private CA Connector for SCEP

Connector for Simple Certificate Enrollment Protocol (SCEP) links Amazon Private Certificate Authority to your SCEP-enabled mobile devices and networking equipment. With Connector for SCEP, you can use Amazon Private CA to issue certificates and enroll your SCEP devices. Connector for SCEP is available to use with popular mobile device management (MDM) systems and is designed to work with clients or endpoints that supports SCEP.

Features

Support for SCEP protocol - SCEP is a widely-adopted protocol for getting digital identity certificates from a certificate authority (CA) and distributing them to mobile devices and networking gear. You can use Connector for SCEP to help you enroll your endpoints using SCEP.

Mobile device enrollment - You can use Connector for SCEP with popular MDM systems including Microsoft Intune and Jamf Pro.

Issue certificates at scale - After you configure your SCEP-enabled devices to request certificates through the connector's SCEP endpoint, your clients can automatically request certificates from Amazon Private CA.

How to get started with Connector for SCEP

To get started, launch the guided wizard from the Connector for SCEP management console which helps you create a connector and designate the private CA to use with the connector. After completing these steps, Connector for SCEP provides an endpoint and other configuration parameters that you can enter into your MDM systems or networking equipment. After configuring your MDM systems or networking equipment, your clients will automatically request certificates from Amazon Private CA. To learn more about how to get started with Connector for SCEP, see Get started with Connector for SCEP.

Connector for SCEP is related to the following Amazon services.

  • Amazon Private Certificate Authority - Amazon Private CA provides you a highly-available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA.

  • Amazon Private CA Connector for Active Directory - Connector for AD links your Active Directory (AD) to Amazon Private CA. The connector brokers the exchange of certificates from Amazon Private CA to users and machines managed by your AD.

Access Connector for SCEP

You can create, access, and manage your Connector for SCEP connectors using any of the following interfaces:

  • Amazon Web Services Management Console - Provides a web interface that you can use to access Connector for SCEP. See Connector for SCEP management console.

  • Amazon Command Line Interface - Provides commands for a broad set of Amazon services, including Connector for SCEP. The Amazon CLI is supported on Windows, macOS, and Linux. For more information, see Amazon Command Line Interface.

  • Amazon SDKs - Provide language-specific APIs and take care of many of the connection details, such as calculating signatures, handling request retries, and error handling. For more information, see Amazon Command Line Interface.

  • Connector for SCEP API - Provides low-level API actions that you call using HTTPS requests. Using the Connector for SCEP API is the most direct way to access the service. However, the Connector for SCEP API requires that your application handle low-level details such as generating the hash to sign the request, and error handling. For more information, see Connector for SCEP API reference.

Pricing

Connector for SCEP is offered as a feature of Amazon Private CA at no additional cost. You only pay for Amazon Private Certificate Authority operations and certificates used to create and update connectors.

For the latest Amazon Private CA pricing information, see Amazon Private Certificate Authority Pricing. You can also use the Amazon pricing calculator to estimate costs.