SCEP Certificate missing required extensions


SCEP Certificate missing required extensions



I tried renewing our SCEP cert with our Windows certification authority and it will not upload due to error "SCEP Certificate missing required extensions". We dont use OPENSSL for our CA so the instructions and help article do not help... What are the required extensions??

Kind of a big deal
Kind of a big deal

What in Meraki land are you using SCEP for?


If you open the Certificate Template in Microsoft CA server - what are listed as the required extensions?

I would guess for Wi-Fi security and authentication, but I am not sure why we are using that. Since it would make the Meraki portal a subordinate CA, i believe it would use the subordinate CA template. That one I have set to only require a common name. Systems manager has a new requirement that an additional file is icreated when the cert is generated. I created a template that has these extra settings but still no luck with the cert.


Where `configuration_file.ext` contains the following extension value pairs:

basicConstraints = critical,CA:true,pathlen:0
keyUsage = critical,keyCertSign,digitalSignature
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.