• When configuring the certificate password settings, Workspace ONE UEM recommends using the default setting (dynamic password mode).
  • Although Workspace ONE UEM supports the registry setting for Single Password mode, it does not recommend using it. Single Password mode sets a static challenge password that all devices can use, which can expose security vulnerabilities.
  • If the NDES/SCEP/MSCEP challenge cache is full (an issue that can arise when publishing a profile, for example), edit the cache value as follows:
    1. Run regedit.exe to edit the PasswordMax value.
    2. The PasswordMax value is located at: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP (or NDES/SCEP) within the registry.
    3. Increase the PasswordMax value to a number greater than the default value of 5.
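
The same check and change scripted in PowerShell, as an added example that is not part of the original Workspace ONE UEM documentation. Assumptions: `UseSinglePassword` is the NDES registry name for Single Password mode (the page does not name it), each setting may sit either directly under the MSCEP key or in a subkey of the same name, and the `-NewPasswordMax` parameter is hypothetical.

```powershell
# Added example: audit the NDES challenge-password settings and optionally raise PasswordMax.
# Run elevated on the NDES server. With no arguments the script only reports.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$NewPasswordMax = 0   # hypothetical parameter; 0 means audit only
)

$base = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
if (-not (Test-Path $base)) { throw "MSCEP registry key not found at $base" }

function Get-MscepSetting {
    param([string]$Name)
    # Assumption: the value lives either in a subkey named after the setting
    # or directly under MSCEP as the steps above describe. First match wins.
    foreach ($path in "$base\$Name", $base) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Path = $path; Value = $item.$Name }
        }
    }
    return $null
}

$max    = Get-MscepSetting -Name 'PasswordMax'
$single = Get-MscepSetting -Name 'UseSinglePassword'   # assumed name, see lead-in

if ($null -eq $max) {
    Write-Output 'PasswordMax is not set; the default value of 5 applies.'
} else {
    Write-Output "PasswordMax = $($max.Value) (at $($max.Path))"
}

# Flag the mode the documentation advises against: one static challenge for all devices.
if ($null -ne $single -and $single.Value -ne 0) {
    Write-Warning "Single Password mode is enabled at $($single.Path); dynamic password mode is the recommended default."
}

if ($NewPasswordMax -gt 0) {
    if ($NewPasswordMax -le 5) { throw 'PasswordMax must be greater than the default value of 5.' }
    # Write back to wherever the value was found; fall back to the MSCEP key itself.
    $target = if ($null -ne $max) { $max.Path } else { $base }
    if ($PSCmdlet.ShouldProcess("$target\PasswordMax", "Set to $NewPasswordMax")) {
        Set-ItemProperty -Path $target -Name 'PasswordMax' -Value $NewPasswordMax -Type DWord
        Write-Output "PasswordMax set to $NewPasswordMax at $target"
    }
}
```

Run it with `-NewPasswordMax <n> -WhatIf` first to see which key would be written before making the change.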