Amazon Private CA Connector for Simple Certificate Enrollment Protocol (SCEP) (Preview) - Amazon Private Certificate Authority

Connector for SCEP is in preview release for Amazon Private CA and is subject to change.

What is Connector for SCEP?

Connector for Simple Certificate Enrollment Protocol (SCEP) links Amazon Private Certificate Authority to your SCEP-enabled mobile devices and networking equipment. With Connector for SCEP, you can use Amazon Private CA to issue certificates and enroll your SCEP devices. Connector for SCEP is available to use with popular mobile device management (MDM) systems and is designed to work with clients or endpoints that support SCEP.

Features of Connector for SCEP

Support for the SCEP protocol - SCEP is a widely adopted protocol for getting digital identity certificates from a certificate authority (CA) and distributing them to mobile devices and networking gear. You can use Connector for SCEP to help you enroll your endpoints using SCEP.

Mobile device enrollment - You can use Connector for SCEP with popular MDM systems including Microsoft Intune and Jamf Pro.

Issue certificates at scale - After you configure your SCEP-enabled devices to request certificates through the connector's SCEP endpoint, your clients can automatically request certificates from Amazon Private CA.

How to get started with Connector for SCEP

To get started, launch the guided wizard from the Connector for SCEP management console. The wizard helps you create a connector and designate the private CA to use with the connector. After you complete these steps, Connector for SCEP provides an endpoint and other configuration parameters that you can enter into your MDM systems or networking equipment. After you configure your MDM systems or networking equipment, your clients automatically request certificates from Amazon Private CA. To learn more about how to get started with Connector for SCEP, see Getting started with Amazon Private Certificate Authority Connector for SCEP.

Connector for SCEP is related to the following Amazon services.

  • Amazon Private Certificate Authority - Amazon Private CA provides you with a highly available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA.

  • Amazon Private CA Connector for Active Directory - Connector for AD links your Active Directory (AD) to Amazon Private CA. The connector brokers the exchange of certificates from Amazon Private CA to users and machines managed by your AD.

Accessing Connector for SCEP

You can create, access, and manage your Connector for SCEP connectors using any of the following interfaces:

  • Amazon Web Services Management Console - Provides a web interface that you can use to access Connector for SCEP. See Connector for SCEP management console.

  • Amazon Command Line Interface - Provides commands for a broad set of Amazon services, including Connector for SCEP. The Amazon CLI is supported on Windows, macOS, and Linux. For more information, see Amazon Command Line Interface.

  • Amazon SDKs - Provide language-specific APIs and take care of many of the connection details, such as calculating signatures, handling request retries, and error handling. For more information, see Amazon Command Line Interface.

  • Connector for SCEP API - Provides low-level API actions that you call using HTTPS requests. Using the Connector for SCEP API is the most direct way to access the service. However, the Connector for SCEP API requires that your application handle low-level details such as generating the hash to sign the request and handling errors. For more information, see Connector for SCEP API reference.

Pricing for Connector for SCEP

Connector for SCEP is offered as a feature of Amazon Private CA at no additional cost. You only pay for Amazon Private Certificate Authority operations and certificates used to create and update connectors.

For the latest Amazon Private CA pricing information, see Amazon Private Certificate Authority Pricing. You can also use the Amazon pricing calculator to estimate costs.