NDES includes several feature changes that were not available in previous Microsoft implementations of SCEP:
- Designate Certificate Templates: Previous versions of SCEP did not allow you to configure certificate templates for each request type.
- Certificate Renewal: NDES now supports renewing the service certificates.
- More secure default settings: NDES changes the default settings to more secure values. For example, a password is now required by default for SCEP requests. Also, the maximum number of passwords it caches in memory was reduced from 100 to 5.
- Allow SCEP to be installed on a computer other than a CA: Previous versions of Microsoft SCEP required that the SCEP service be installed on an existing CA.
- New default signing algorithm: Previous versions of Microsoft SCEP used MD5 as the default hash algorithm. NDES now uses SHA1 as the default but allows you to revert to MD5 through a registry change.
- Service credentials: NDES can now run with a dedicated service account or the Network Service account rather than using the Local System account.
- Request size limit: NDES limits the request size to 64 KB to prevent buffer overflow attacks.