Procedure

1. Install Certificate Authority
   For the detailed Certificate Authority installation procedure, refer to the following URL:

   http://msdn.microsoft.com/en-us/library/ff720354.aspx

   Note If you do not want to use SCEP, you do not need to install the Certificate Authority.

2. Configure Simple Certificate Enrollment Protocol (SCEP)
   If you have set up SCEP on Windows Server 2008, install the Network Device Enrollment Service for Windows Server. Refer to the following URL for the installation and deployment procedure of Network Device Enrollment Service:

   http://esupport.trendmicro.com/solution/en-us/1060187.aspx

   or

   http://technet.microsoft.com/en-us/library/ff955646(WS.10).aspx.

   Note If you want to use SCEP, Trend Micro recommends using it on Windows Server 2008.

   If you have set up SCEP on Windows Server 2003, install the SCEP Add-on for Certificate Services. Go to the following URL to download SCEP Add-on for Certificate Services:

   http://esupport.trendmicro.com/solution/en-us/1060258.aspx

   or

   http://www.microsoft.com/downloads/details.aspx?FamilyID=9F306763-D036-41D8-8860-1636411B2D01&displaylang=e&displaylang=en
3. Verify system clocks
   Make sure that the system clocks of SCEP server, Communication Server and the Management Server are set to the correct time.
4. Modify Policy Module properties for Certificate Authority:
   1. On the computer where Certificate Authority is installed, open the Certification Authority management console.
   2. Click Policy Module tab, and then click Properties.
   3. Select Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate.
   4. Click OK.
5. Apply the following set of rules:
   • iOS mobile devices should be able to connect to the Communication Server.
   • Communication Server should be able to connect to the SCEP server.
   • iOS mobile devices should be able to directly connect to the SCEP server when enrolling to the Mobile Security server.
6. Verify the SCEP installation (Optional):
   • For SCEP running on Windows Server 2008, access the following URL from the Communication Server:
     http://SCEPServerIP/certsrv/mscep_admin

     Note Replace SCEPServerIP with the actual SCEP server IP address in the URL.

   • For SCEP running on Windows Server 2003, access the following URL from the Communication Server:
     http://SCEPServerIP/certsrv/mscep

     Note Replace SCEPServerIP with the actual SCEP server IP address in the URL.

   If you see the Web page similar to the following, your server is configured correctly:

   

   Configuration Verification

   Note When iOS mobile device enrolls, it will be able to access the following URL: http://SCEPServerIP/certsrv/mscep The iOS mobile device only needs to connect to the SCEP server for enrollment, and does not require this connection for any further use.