Solved: Cisco ISE BYOD - SCEP Error on Apple Devices during provisioning

spitalfmi · ‎05-24-2018

Hi,

We are setting up Single-SSID BYOD on Cisco ISE 2.4 and facing issues during the provisioning of Apple Devices. The error shown when trying to install the profile services is: "Profile Installation Failed. The SCEP server returned an invalid response."

Any ideas?

Thanks,

Marc

Jason Kunst · ‎05-24-2018

It’s likely not working because you don’t have a valid certificate for your ISE nodes

Apple devices will fail to go through the BYOD flow unless it’s communicating with ISE node that has a trusted certificate

https://www.google.com/search?q=isebyod10.3&oq=isebyod10.3&aqs=chrome..69i57j69i64.3071j0j7&sourceid=chrome&ie=UTF-8

View solution in original post

Jason Kunst · ‎05-24-2018

It’s likely not working because you don’t have a valid certificate for your ISE nodes

Apple devices will fail to go through the BYOD flow unless it’s communicating with ISE node that has a trusted certificate

https://www.google.com/search?q=isebyod10.3&oq=isebyod10.3&aqs=chrome..69i57j69i64.3071j0j7&sourceid=chrome&ie=UTF-8

spitalfmi · ‎05-24-2018

Hi Jason,

Does that mean, that the Internal CA of ISE is not working with Apple devices? Respectively the user has to manually trust the root certificate?

For EAP, Admin and Portals I'm using a official signed certificate by a trusted CA (SwissSign).

Regards,

Marc

Jason Kunst · ‎05-24-2018

Its supported as you can see in the links I sent you.

After you installed the well-known cert did you regenerate the internal CA cert otherwise it won’t present correctly to the client.

Recommend you reach out to tac for any further troubleshooting as well