Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5520
Views
2
Helpful
7
Replies

SCEP Cert Deployment for Android

6str1ngt3ch
Community Member

‎10-24-2022 01:12 PM

Trying to deploy SCEP certs for an Android device and keep getting a notification on the device itself which says "Please ensure that a password is set to enable certificate installation". I'm having trouble figuring out exactly where this password needs to be applied. The device has a policy to apply a passcode so don't think that is it. The config for the SCEP Cert itself doesn't ask for a password and there's no Meraki documentation that refers to this that I have been able to find. Hoping someone here has come across this issue before and can help. Thanks in advance!

Labels:
0 Helpful
7 Replies 7

aleabrahao
Meraki Community All-Star
Meraki Community All-Star

‎10-24-2022 02:16 PM

Maybe this?

https://documentation.meraki.com/SM/Profiles_and_Settings/Certificates_Payload_(Pushing_Certificates)

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

6str1ngt3ch
Community Member
In response to aleabrahao

‎10-25-2022 05:59 AM

I saw this but this doesn't seem to be related to other types of certs. I'm referring to this basically https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu/MDM_Settings#SCEP_CA_Certificate

I've signed the cert using my CA and then tried to issue certs from that using a config profile

0 Helpful

aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to 6str1ngt3ch

‎10-25-2022 06:05 AM

You need to generate a key:

image.png

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Helpful

6str1ngt3ch
Community Member
In response to aleabrahao

‎10-25-2022 07:16 AM

yeah I followed that to the letter. I extracted the private key from my root CA (I'm using Microsoft CA) in order to sign this with openssl.

image.png

Then I go to create a SCEP cert config and that's where things get stuck

image.png

I feel there's something in between that I'm missing but not sure

0 Helpful

Arthur Dent
Cisco Employee
Cisco Employee

‎10-27-2022 05:59 AM

First step is to ensure that there's a PIN on the device. Having just the policy isn't good enough. The PIN needs to be there. No PIN, no certs

Secondly, you don't need to do any of the steps below. Just a SCEP policy, as below:

image.png

And just make sure you've followed the steps here:

Signing the Meraki MDM CA with your own - YouTubehttps://www.youtube.com › watch

0 Helpful

6str1ngt3ch
Community Member
In response to Arthur Dent

‎10-27-2022 06:18 AM

Hi @Arthur Dent I do have a passcode policy set as well

image.png

and it indeed did enforce the creation of a passcode on the device.

0 Helpful

EmanuelJSC
Community Member
In response to 6str1ngt3ch

‎06-20-2024 05:22 AM

Having the exact same issue. Did you ever find a solution? It seems like the SCEP cert should be deployed to the work profile and it seems like it doesnt think there is a passcode in the profile that it wants to install the cert in.

0 Helpful
Customers Also Viewed These Support Documents