SCEP certificates with automatic properties

T1
Building a reputation


Has anyone had any luck with creating SCEP certificates with automatic properties like owner email? I'm getting an error as soon as I add an automatic property to the cert:

 

There were errors in saving this configuration:

  • One or more errors occurred. No changes have been saved.
  • Cert test - Pcc mc custom scep payloads base Asset tag is not in the correct format.
4 REPLIES
SoCalRacer
Kind of a big deal

The way SCEP is supposed to work with Meraki is that you download the cert from the dashboard and then you sign it with your CA, then reupload it to the dashboard. Is that the process you are using?

T1
Building a reputation

You can sign it with your own CA if required, but it works without it as well. I wanted to explore the possibility of a cert-only sign-on where the SP requires the username as part of the subject. SM allows usage of automatic attributes there, like owner email or device serial number. I just got the code wrong. It should read CN= [owner email], not just [owner email].
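The fix described in the post above, as an added example that is not part of the original thread and is not Meraki's own validation: a subject template is checked so every component is `type=value`, and the substituted device attribute is escaped per RFC 4514 so a value containing a comma cannot add its own subject component. The bracket placeholder syntax is taken from the post; the `DEVICE` record and the function names are hypothetical.

```python
import re

# RFC 4514 short names accepted as attribute types; dotted OIDs are allowed too.
KNOWN_TYPES = {"CN", "O", "OU", "C", "L", "ST", "DC", "UID", "STREET"}
OID = re.compile(r"\d+(?:\.\d+)+")
RDN = re.compile(r"(?:\\.|[^,\\])+")          # one RDN: escaped pairs or non-comma characters
PLACEHOLDER = re.compile(r"\[([^\[\]]+)\]")   # bracket syntax as written in the thread (assumed)


def escape_value(value):
    """Escape RFC 4514 specials so a substituted value cannot start a new RDN."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if out.endswith(" "):                     # a trailing space must be escaped
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):            # so must a leading '#' or space
        out = "\\" + out
    return out


def parse_template(template):
    """Split a subject template into (type, value) pairs; raise ValueError on a bad RDN."""
    pairs = []
    for rdn in RDN.findall(template):
        attr, sep, value = (part.strip() for part in rdn.partition("="))
        if not sep:
            raise ValueError(f"{rdn.strip()!r} has no attribute type (expected e.g. CN=...)")
        if attr.upper() not in KNOWN_TYPES and not OID.fullmatch(attr):
            raise ValueError(f"unknown attribute type {attr!r}")
        if not value:
            raise ValueError(f"{attr} has an empty value")
        pairs.append((attr.upper(), value))
    if not pairs:
        raise ValueError("empty subject template")
    return pairs


def render_subject(template, device):
    """Validate the template, then fill placeholders with escaped device attributes."""
    fill = lambda m: escape_value(str(device[m.group(1)]))
    return ",".join(f"{a}={PLACEHOLDER.sub(fill, v)}" for a, v in parse_template(template))


# Constructed sample record; the keys mirror the placeholder names used in the thread.
DEVICE = {"owner email": "alice@example.com", "device serial": "C02XK0AAJG5H"}

if __name__ == "__main__":
    print(render_subject("CN= [owner email]", DEVICE))
```

Multi-valued RDNs joined with `+` are not handled by this parser.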
SoCalRacer
Kind of a big deal

T1
Building a reputation

Trusted access is not really our cup of tea. We do want to restrict access to prod WiFi to enrolled devices only, and the WiFi settings payload does a good job as it is. Custom certs, however, provide a flexible way to implement passwordless authentication, and I can generate different certs for different subsets of users accessing different SPs. If Meraki ever implements an SRL, that would be great.