SCEP Cert Deployment for Android

6str1ngt3ch · ‎10-24-2022

Trying to deploy SCEP certs for an Android device and keep getting a notification on the device itself which says "Please ensure that a password is set to enable certificate installation". I'm having trouble figuring out exactly where this password needs to be applied. The device has a policy to apply a passcode so don't think that is it. The config for the SCEP Cert itself doesn't ask for a password and there's no Meraki documentation that refers to this that I have been able to find. Hoping someone here has come across this issue before and can help. Thanks in advance!

alemabrahao · ‎10-24-2022

Maybe this?

https://documentation.meraki.com/SM/Profiles_and_Settings/Certificates_Payload_(Pushing_Certificates)

6str1ngt3ch · ‎10-25-2022

I saw this but this doesn't seem to be related to other types of certs. I'm referring to this basically https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu...

I've signed the cert using my CA and then tried to issue certs from that using a config profile

alemabrahao · ‎10-25-2022

You need to generate a key:

6str1ngt3ch · ‎10-25-2022

yeah I followed that to the letter. I extracted the private key from my root CA (I'm using Microsoft CA) in order to sign this with openssl.

Then I go to create a SCEP cert config and that's where things get stuck

I feel there's something in between that I'm missing but not sure

PaulF · ‎10-27-2022

First step is to ensure that there's a PIN on the device. Having just the policy isn't good enough. The PIN needs to be there. No PIN, no certs

Secondly, you don't need to do any of the steps below. Just a SCEP policy, as below:

And just make sure you've followed the steps here:

Signing the Meraki MDM CA with your own - YouTubehttps://www.youtube.com › watch

6str1ngt3ch · ‎10-27-2022

Hi @PaulF I do have a passcode policy set as well

and it indeed did enforce the creation of a passcode on the device.