
Certificate Management

Security

The process of deploying and maintaining digital certificates for authentication and encryption. MDM leverages SCEP and configuration profiles for scale.

What to Know

Certificate management is foundational to enterprise network security, enabling passwordless authentication to Wi-Fi, VPN, email servers, and internal applications. Without proper certificate deployment, organizations must rely on static passwords or less secure authentication methods, increasing the risk of credential theft and unauthorized access. MDM-driven certificate management using SCEP (Simple Certificate Enrollment Protocol) automates issuance, renewal, and revocation at scale, ensuring devices maintain valid credentials without manual user intervention.

Poor certificate hygiene leads to service outages when certificates expire, security vulnerabilities when revoked certificates aren’t removed, and user frustration when authentication fails unexpectedly. Proper certificate lifecycle management through MDM is essential for maintaining both security posture and operational continuity.

Common Scenarios

Enterprise IT: Corporate Wi-Fi networks use 802.1X certificate-based authentication to ensure only authorized devices can connect. IT deploys device certificates via SCEP through MDM, eliminating the need for shared Wi-Fi passwords and enabling automatic re-enrollment when certificates near expiration. The same certificate-based approach is also used for VPN access, internal web portals, and email signing.

MSP: MSPs configure certificate-based authentication for clients to reduce password sprawl and improve security compliance. They integrate SCEP with client certificate authorities to automate certificate deployment across managed devices, reducing support tickets related to Wi-Fi or VPN authentication failures.

Education: Schools deploy certificates to student devices for secure access to campus Wi-Fi and filtering proxies. Certificate-based authentication prevents students from sharing network credentials and allows IT to revoke access immediately when a device is reassigned or a student graduates.

In Addigy

Addigy supports certificate deployment through both manual certificate profiles (for static certificates) and SCEP payloads (for dynamic certificate issuance). Admins can configure SCEP profiles to integrate with external certificate authorities, automatically issuing unique device certificates during enrollment. Addigy’s certificate inventory provides visibility into installed certificates, expiration dates, and validation status, helping admins proactively rotate certificates before expiration causes service disruption.
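As an added example (not Addigy's code or tooling), the sketch below lints the SCEP payload inside a configuration profile before it is deployed. The key names are those of Apple's `com.apple.security.scep` payload; the sample profiles, identifiers, hostnames and the 2048-bit threshold are assumptions made for illustration.

```python
import plistlib

SCEP_TYPE = "com.apple.security.scep"

def build_profile(scep_settings):
    """Wrap SCEP settings in a minimal configuration profile (constructed sample)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.wifi",
        "PayloadContent": [{
            "PayloadType": SCEP_TYPE,
            "PayloadIdentifier": "com.example.wifi.scep",
            "PayloadContent": scep_settings,
        }],
    })

def lint_scep(profile_bytes):
    """Return (payload identifier, finding) pairs for each SCEP payload in a profile."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != SCEP_TYPE:
            continue
        ident = payload.get("PayloadIdentifier", "<no identifier>")
        scep = payload.get("PayloadContent", {})
        pinned = bool(scep.get("CAFingerprint"))
        # Over plain HTTP the device needs the CA fingerprint to authenticate the CA's response.
        if not str(scep.get("URL", "")).lower().startswith("https://") and not pinned:
            findings.append((ident, "plain-HTTP SCEP URL with no CAFingerprint"))
        # Keysize defaults to 1024 bits when the key is omitted.
        if scep.get("Keysize", 1024) < 2048:
            findings.append((ident, "RSA key shorter than 2048 bits"))
        # KeyIsExtractable defaults to true when the key is omitted.
        if scep.get("KeyIsExtractable", True):
            findings.append((ident, "private key can be exported from the keychain"))
    return findings

# Constructed sample settings; hostnames, names and values are illustrative only.
WEAK = {"URL": "http://scep.example.com/scep", "Name": "EXAMPLE-CA",
        "Subject": [[["CN", "device-0001"]]], "Key Type": "RSA", "Keysize": 1024}
HARDENED = dict(WEAK, URL="https://scep.example.com/scep", Keysize=2048,
                KeyIsExtractable=False, CAFingerprint=bytes.fromhex("00" * 32))

if __name__ == "__main__":
    for label, settings in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_scep(build_profile(settings)))
```

Running the linter over exported profiles catches payloads that silently fall back to the weaker defaults because a key was left out.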

Also Known As

  • Certificate Deployment
  • PKI Management
