- When configuring the certificate password settings, AirWatch recommends using the default setting (dynamic password mode).
- Although AirWatch supports the use of the registry setting for Single Password mode, AirWatch does not recommend using the setting. The “Single Password” mode sets a static challenge password all devices can use which can expose security vulnerabilities.
- If the NDES/SCEP/MSCEP challenge cache is full, (an issue which could arise when publishing a profile, for example), edit the cache value by:
regedit.exe to edit the PasswordMax value.
- The PasswordMax value is located at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP (or NDES/SCEP) within the registry.
- Increase the PasswordMax value to a number greater than the default value of 5.