SCEP issue

Take a look at this KB:
https://jamfnation.jamfsoftware.com/article.html?id=34

In particular, pay attention to the last 3 ports in the second chart. I'm pretty certain those all need to be open for MDM stuff to work, so I'd start there. There may be other ones though. In the case of SCEP and Configurator, I'm unclear how that all communicates, so it may be something other than those.

Unfortunately, this process of "block it all until people start b*tching" is all too common with networking teams. They are a particularly paranoid bunch and need to get out of their dark cubicles every once in a while. :)

This is great info, but it does not list which port the SCEP server request would be using. Still looking to see if anyone knows the exact port. Thank you @mm2270 for the info though.

According to Cisco, SCEP uses port 80 in most cases.

The use of the network-based approach has the chief benefit of improving scalability and limiting operational overhead. SCEP enables an endpoint to request a certificate or other certificate-related functions (revocation checking, and so on) remotely. SCEP runs on TCP port 80; however, it can also run on a nonstandard TCP port. SCEP-based enrollment is configured in trustpoint mode. TCP port 80 is the default port used for SCEP and is configurable using the enrollment command. If a nonstandard port is used, make sure the http server configuration on the CA matches the nonstandard port.

If you'd like to read the Cisco article I grabbed this from, you can read it here: http://www.ciscopress.com/articles/article.asp?p=1684781

Be nice to your network teams. They are usually at the whim of the security team. :-)

Apple's OS X Server Profile Manager requires 1640 for SCEP, according to the documentation, so I'd try that port. Reference: http://training.apple.com/pdf/wp_osx_configuration_profiles.pdf

Just stating the obvious, because that often gets overlooked:

In order to reach the following URL: https://jss.mydistrict:8443//CA/SCEP

Port 8443/TCP will have to be open.