SCEP Cert Deployment for Android


SCEP Cert Deployment for Android

Trying to deploy SCEP certs for an Android device and keep getting a notification on the device itself which says "Please ensure that a password is set to enable certificate installation".  I'm having trouble figuring out exactly where this password needs to be applied.  The device has a policy to apply a passcode so don't think that is it.  The config for the SCEP Cert itself doesn't ask for a password and there's no Meraki documentation that refers to this that I have been able to find.  Hoping someone here has come across this issue before and can help.  Thanks in advance!


I saw this but this doesn't seem to be related to other types of certs.  I'm referring to this basically


I've signed the cert using my CA and then tried to issue certs from that using a config profile

You need to generate a key:




yeah I followed that to the letter.  I extracted the private key from my root CA (I'm using Microsoft CA) in order to sign this with openssl.


Then I go to create a SCEP cert config and that's where things get stuck


I feel there's something in between that I'm missing but not sure

Meraki Employee

First step is to ensure that there's a PIN on the device. Having just the policy isn't good enough. The PIN needs to be there. No PIN, no certs


Secondly, you don't need to do any of the steps below. Just a SCEP policy, as below:


Screenshot 2022-10-27 at 1.58.31 PM.png


And just make sure you've followed the steps here:


Signing the Meraki MDM CA with your own - YouTube › watch


Hi @PaulF I do have a passcode policy set as well


and it indeed did enforce the creation of a passcode on the device. 


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.