The last component to be installed is the SCEP plug-in. This module is responsible for requesting certificates on behalf of the user. It will make use of the CA and NDE functionality.
Select the version of the module to be installed. On an x64 architecture, the 64-bit version should be selected.
This starts the SCEP installation wizard.
Type: Microsoft SQL Server
This ends the installation of SAP Afaria 7.00. A fully functional SAP Afaria environment is now installed and available on the same Windows Server 2008 R2. Be aware that this is a version of Afaria from 2012. The next step is to upgrade it to the latest version available.
To enroll an iOS device in SAP Afaria, a certificate for this device is needed. For mobile apps, the SAP Afaria client can be used to request a user certificate from the CA. All these requests are handled by SAP Afaria, making the certificate handling transparent to the user. To do this, SAP Afaria needs a CA with NDE enabled.
Install a CA
Add a user for NDE
Install a CA
See the previous blog post on how to install a CA.
Add user for NDE
Create a user for the NDE service using the Windows tool Active Directory Users and Computers.
Add a new user.
First name: ndeuser
Last name: n/a
Full name: ndeuser
Enter a password. As this is a test environment installation, it makes sense to not have a user whose password expires every N months.
Password never expires: yes
Confirm user data.
Assign user to group
Add ndeuser to the IIS group using the Windows tool Active Directory Users and Computers.
Open the AD domain and go to the Builtin folder. Select the group IIS_IUSRS.
Go to the Members tab.
Enter user: ndeuser and select Check Names.
This adds the AD user ndeuser to the local group IIS_IUSRS. This is needed for the NDE service of the CA.
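The account and group steps above can also be scripted and then verified. The following PowerShell is an added example, not part of the original post; it assumes the ActiveDirectory module is available on the domain controller, that the logon name (SamAccountName) is ndeuser, and that group names are the English defaults.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the domain controller (ActiveDirectory module required).
Import-Module ActiveDirectory

$account = 'ndeuser'     # name from the post; using it as SamAccountName is an assumption
$group   = 'IIS_IUSRS'   # Builtin group named in the post

# Create the service account only if it does not exist yet.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$account'")) {
    # Prompt for the password so it never lands in the script or shell history.
    $password = Read-Host -AsSecureString -Prompt "Password for $account"
    New-ADUser -Name $account -GivenName $account -DisplayName $account `
        -SamAccountName $account -AccountPassword $password `
        -PasswordNeverExpires $true -Enabled $true
}

# Add the account to IIS_IUSRS unless it is already a member.
$isMember = Get-ADGroupMember -Identity $group |
    Where-Object { $_.SamAccountName -eq $account }
if (-not $isMember) {
    Add-ADGroupMember -Identity $group -Members $account
}

# Verify the result: account state and every group the account belongs to.
$user   = Get-ADUser -Identity $account -Properties PasswordNeverExpires
$groups = Get-ADPrincipalGroupMembership -Identity $account |
    Select-Object -ExpandProperty Name

"Enabled:              {0}" -f $user.Enabled
"PasswordNeverExpires: {0}" -f $user.PasswordNeverExpires
"Member of:            {0}" -f ($groups -join ', ')

# The walkthrough only calls for IIS_IUSRS; 'Domain Users' is the default
# primary group (English name assumed). Flag anything beyond those two.
$unexpected = $groups | Where-Object { @('Domain Users', $group) -notcontains $_ }
if ($unexpected) {
    Write-Warning "$account is also a member of: $($unexpected -join ', ')"
}
```

Because the account has a non-expiring password, the final check is a quick way to confirm it holds no group memberships beyond what the NDE service needs.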
Add service NDE to Windows Server
Add Role Services.
Network Device Enrollment Service
Certificate Enrollment Web Service
Certificate Enrollment Policy Web Service
And all dependencies
Enter the user created earlier: firstname.lastname@example.org
Enter the registration authority (RA) information.
RA Name: Tobias-RA
Country: BR (or your country)
City: Rio de Janeiro (or your city)
State: RJ (or your state)
Enter the key strength of the RA.
Specify the CA that will be used by NDE (use the previously created CA).
Select the authentication type to be used to log on to NDE.
Windows Integrated Authentication: Yes
Specify service account: email@example.com
Select an SSL certificate. Choose to select an SSL certificate later, as this certificate does not exist yet and will be created later on.
Check the selected server roles.
Windows installs and configures NDE.
NDE is now installed on Windows Server, using the previously installed CA for requesting certificates.