---
title: SCEP.PayloadContent
framework: devicemanagement
role: symbol
role_heading: Device Management Profile
path: devicemanagement/scep/payloadcontent-data.dictionary
---

# SCEP.PayloadContent

The SCEP dictionary.

## Declaration

```data
object SCEP.PayloadContent
```

## Properties

AllowAllAppsAccess: If true, all apps have access to the private key. Available: iOS 4+ | iPadOS 4+ | macOS 10.10+ | tvOS 9+ | visionOS 1+ | watchOS 3+ CAFingerprint: The fingerprint of the Certificate Authority certificate. Challenge: A preshared secret. Key Type: Always RSA. Key Usage: A bitmask indicating the use of the key. Possible values: 1: Signing 4: Encryption Some certificate authorities, such as Windows CA, support only encryption or signing, but not both at the same time. Available: iOS 4+ | iPadOS 4+ | macOS 10.11+ | tvOS 9+ | visionOS 1+ | watchOS 3+ KeyIsExtractable: If false, the system disables exporting the private key from the keychain. Available: iOS 4+ | iPadOS 4+ | macOS 10.13.4+ | tvOS 9+ | visionOS 1+ | watchOS 3+ Keysize: The key size, in bits. Name: A string that’s understood by the SCEP server; for example, a domain name like example.org. If a certificate authority has multiple CA certificates, this field can be used to distinguish which is required. Retries: The number of times the device should retry if the server sends a PENDING response. Available: iOS 4+ | iPadOS 4+ | macOS 10.10+ | tvOS 9+ | visionOS 1+ | watchOS 3+ RetryDelay: The number of seconds to wait between subsequent retries. The first retry is attempted without this delay. Available: iOS 4+ | iPadOS 4+ | macOS 10.10+ | tvOS 9+ | visionOS 1+ | watchOS 3+ Subject: The representation of an X.500 name as an array of OID and value. For example, /C=US/O=Apple Inc./CN=foo/1.2.5.3=bar translates to [ [ ["C", "US"] ], [ ["O", "Apple Inc."] ], …, [ [ "1.2.5.3", "bar" ] ] ]. OIDs can be represented as dotted numbers, with shortcuts for country (C), locality (L), state (ST), organization (O), organizational unit (OU), and common name (CN). SubjectAltName: The SCEP payload can specify an optional SubjectAltName dictionary that provides values required by the CA for issuing a certificate. You can specify a single string or an array of strings for each key. The values you specify depend on the CA you’re using, but might include DNS name, URL, or email values. For an example, see Sample Configuration Profile or Over-the-Air Profile Delivery and Configuration. URL: The SCEP URL. See Over-the-Air Profile Delivery and Configuration for more information about SCEP.

## Topics

### Objects

- [SCEP.PayloadContent.SubjectAltName](devicemanagement/scep/payloadcontent-data.dictionary/subjectaltname-data.dictionary.md)