Meraki

Community

SCEP Cert Deployment for Android

6str1ngt3ch
Conversationalist
‎Oct 24 2022 1:12 PM
‎Oct 24 2022 1:12 PM

SCEP Cert Deployment for Android

Trying to deploy SCEP certs for an Android device and keep getting a notification on the device itself which says "Please ensure that a password is set to enable certificate installation".  I'm having trouble figuring out exactly where this password needs to be applied.  The device has a policy to apply a passcode so don't think that is it.  The config for the SCEP Cert itself doesn't ask for a password and there's no Meraki documentation that refers to this that I have been able to find.  Hoping someone here has come across this issue before and can help.  Thanks in advance!

Labels:
0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
‎Oct 24 2022 2:16 PM
‎Oct 24 2022 2:16 PM

Maybe this?

 

 

https://documentation.meraki.com/SM/Profiles_and_Settings/Certificates_Payload_(Pushing_Certificates)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
6str1ngt3ch
Conversationalist
‎Oct 25 2022 5:59 AM
‎Oct 25 2022 5:59 AM

I saw this but this doesn't seem to be related to other types of certs.  I'm referring to this basically https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu...

 

I've signed the cert using my CA and then tried to issue certs from that using a config profile

0 Kudos
In response to 6str1ngt3ch
alemabrahao
Kind of a big deal
‎Oct 25 2022 6:05 AM
‎Oct 25 2022 6:05 AM

You need to generate a key:

 

alemabrahao_0-1666703099575.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
6str1ngt3ch
Conversationalist
‎Oct 25 2022 7:16 AM
‎Oct 25 2022 7:16 AM

yeah I followed that to the letter.  I extracted the private key from my root CA (I'm using Microsoft CA) in order to sign this with openssl.

6str1ngt3ch_0-1666707999494.png

Then I go to create a SCEP cert config and that's where things get stuck

6str1ngt3ch_1-1666707365692.png

I feel there's something in between that I'm missing but not sure

0 Kudos
PaulF
Meraki Employee
Meraki Employee
‎Oct 27 2022 5:59 AM
‎Oct 27 2022 5:59 AM

First step is to ensure that there's a PIN on the device. Having just the policy isn't good enough. The PIN needs to be there. No PIN, no certs

 

Secondly, you don't need to do any of the steps below. Just a SCEP policy, as below:

 

Screenshot 2022-10-27 at 1.58.31 PM.png

 

And just make sure you've followed the steps here:

 

Signing the Meraki MDM CA with your own - YouTubehttps://www.youtube.com › watch

0 Kudos
In response to PaulF
6str1ngt3ch
Conversationalist
‎Oct 27 2022 6:18 AM
‎Oct 27 2022 6:18 AM

Hi @PaulF I do have a passcode policy set as well

6str1ngt3ch_0-1666876504866.png

and it indeed did enforce the creation of a passcode on the device. 

 

0 Kudos
In response to 6str1ngt3ch
MR45EOL
Here to help
‎Jun 20 2024 5:22 AM
‎Jun 20 2024 5:22 AM

Having the exact same issue. Did you ever find a solution? It seems like the SCEP cert should be deployed to the work profile and it seems like it doesnt think there is a passcode in the profile that it wants to install the cert in.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.