- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- General FAQs
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- White paper
- FAQs
- KBAs
- Get started with UEMs
- Introduction
- Blackberry UEM
- IBM MaaS360
- MobileIron Cloud
- Microsoft Intune
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- MobileIron Core
- Admin Guide
- Knox Service Plugin
- Knox Mobile Enrollment
- Introduction
- FAQs
- KBAs
- Release notes
- Get Started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google Device Owner Support
- MDM Compatibility Matrices
- Device users
- Activity log
- Enrolling and unenrolling devices
- Configure devices
- Providing KME feedback
- Using the Knox Deployment App (KDA)
- Recovering Google FRP locked devices using KME
- Role-based access control (RBAC)
- Troubleshoot
- Knox Configure
- FAQs
- KBAs
- Release notes
- Mobile
- Wearables
- Shared Device
- Knox Manage
- Introduction
- FAQs
- KBAs
- Release notes
- How-to videos
- Getting Started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One Admin Guide
- Introduction
- Release notes
- FAQs
- KBAs
- How-to videos
- Get started
- Features
- EMM integration
- Troubleshoot
- Appendix
- Knox E-FOTA Migration Guide
- Knox E-FOTA Advanced Admin Guide
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox White Paper
The Certificate Enrollment Protocols (CEP) provision and support digital certificates for apps within Samsung devices. This feature is of great assistance to MDMs and third-party vendors. Why? Because the CEP helps complete certificate enrollment without device user intervention, further solidifying the claim that Samsung Knox devices provide both world-class security as well as industry-leading manageability.
Enterprises can use CEP to:
- Enroll, renew, or delete certificates
- Check your deployment's certificate enrollment or renewal status
The CEP service is very robust, and supports the following enrollment protocols and standards:
- Simple Certificate Enrollment Protocol (SCEP)
- Certificate Management Protocol (CMP)
- Certificate Management over Cryptographic Message Syntax, Enrollment Over Secure Transport (CMC-EST)
SCEP, CMP, and CMC are frequently used certificate enrollment protocols for provisioning digital certificates. For more information on these protocols, see Internet Engineering Task Force (IETF).
CEP asymmetric key acquisition
Apps use CEP to acquire the public part of an asymmetric key. Asymmetric keys have a public part and a private part. The private part never leaves the Keystore, but the public part is freely distributed. The key owner can use the Keystore to apply the private part of the asymmetric key to an encrypted message to decrypt it.
CEP operational environment
CEP functions within the scope of either the Work container or personal space, depending on where it is installed. If the deployment objective is to provision and manage certificates for apps inside the Work container only, then you must refer to your chosen MDM's documentation for instructions.
If the objective is to provision and manage certificates for apps in the personal space, then you can install the CEP services in the personal space to provision and manage certificates.
MDM agents can call the CEP services in either the personal space or Work container. MDM agents don't have access to a service created outside their scope.
