Even if you protect your corporate email, Wi-Fi and VPN with strong passcodes and other restrictions, your infrastructure still remains vulnerable to brute force and dictionary attacks, in addition to employee error. For greater security, you can implement digital certificates to protect corporate assets. To do this, you must first define a certificate authority, then configure a Credentials payload alongside your EAS, Wi-Fi or VPN payload. Each of these payloads has settings for associating the certificate authority defined in the Credentials payload.
Create a SCEP Profile
To push certificates down to devices, you need to configure a SCEP payload as part of the profiles you created for EAS, Wi-Fi and VPN settings. Use the following instructions to create a certificate-enabled profile:
- Navigate to Devices > Profiles > List View > Add and select iOS from the platform list.
- Configure General profile settings as appropriate.
- Select either an EAS, Wi-Fi or VPN payload to configure. Fill out the necessary information, depending on the payload you selected.
- Select the SCEP payload and select your SCEP Certificate Authority and Certificate Template from the drop-down lists. Navigate back to the previous payload for EAS, Wi-Fi or VPN.
- Specify the Identity Certificate in the payload:
- EAS – Select the Payload Certificate under Login Information.
- Wi-Fi – Select a compatible Security Type (WEP Enterprise, WPA/WPA2 Enterprise or Any (Enterprise)) and select the Identity Certificate under Authentication.
- VPN – Select a compatible Connection Type (for example, CISCO AnyConnect, F5 SSL) and select Certificate from the User Authentication drop-down. Select the Identity Certificate.
- Select Save and Publish when you are done configuring any remaining settings.