Entrust PKI as a Service provides the following certificate profiles for MDM-SCEP enrollment with Certificate Enrollment Gateway.

Profile

Usages

mdmws-digital-signature-key-encipherment

Digital signature and key encipherment.

mdmws-digital-signature

Digital signature.

mdmws-key-encipherment

Key encipherment.

mdmws-non-repudiation

Digital signature and non repudiation.

Unless specified in an MDM-SCEP request, these MDM-SCEP certificate profiles have a 3-year duration. These MDM-SCEP certificate profiles support the following extensions in the certificate requests.

Certificate request extension

OID

CertificatePolicies

2.5.29.32

ExtendedKeyUsage

2.5.29.37

ApplicationPolicies

1.3.6.1.4.1.311.21.10

SmimeCapabilities

1.2.840.113549.1.9.15

MSTemplateOID

1.3.6.1.4.1.311.21.7

MSTemplateName

1.3.6.1.4.1.311.20.2