The Certificate Enrollment Protocols (CEP) provision and support digital certificates for apps within Samsung devices. This feature is of great assistance to EMMs and third-party vendors. Why? Because the CEP helps complete certificate enrollment without device user intervention, further solidifying the claim that Samsung Knox devices provide both world-class security as well as industry-leading manageability.
Enterprises can use CEP to:
The CEP service is very robust, and supports the following enrollment protocols and standards:
SCEP, CMP, and CMC are frequently used certificate enrollment protocols for provisioning digital certificates. For more information on these protocols, see Internet Engineering Task Force (IETF).
Apps use CEP to acquire the public part of an asymmetric key. Asymmetric keys have a public part and a private part. The private part never leaves the Keystore, but the public part is freely distributed. The key owner can use the Keystore to apply the private part of the asymmetric key to an encrypted message to decrypt it.
CEP functions within the scope of either the Knox Workspace or personal space, depending on where it is installed. If the deployment objective is to provision and manage certificates for apps inside the Knox Workspace only, then you must install the CEP services within the Knox Workspace as follows:
If the objective is to provision and manage certificates for apps in the personal space, then you can install the CEP services in the personal space to provision and manage certificates.
EMM agents can call the CEP services in either the personal space or Knox Workspace. EMM agents don't have access to a service created outside their scope.