cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SCEP Certificate missing required extensions

eh_cve_cc
Conversationalist
‎07-06-2023 12:28 PM
‎07-06-2023 12:28 PM

SCEP Certificate missing required extensions

Hello,

 

I tried renewing our SCEP cert with our Windows certification authority and it will not upload due to error "SCEP Certificate missing required extensions". We dont use OPENSSL for our CA so the instructions and help article do not help... What are the required extensions??

Labels:
0 Kudos
Subscribe
2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎07-06-2023 05:05 PM
‎07-06-2023 05:05 PM

What in Meraki land are you using SCEP for?

 

If you open the Certificate Template in Microsoft CA server - what are listed as the required extensions?

0 Kudos
Subscribe
In response to PhilipDAth
eh_cve_cc
Conversationalist
‎07-10-2023 02:24 PM
‎07-10-2023 02:24 PM

I would guess for Wi-Fi security and authentication, but I am not sure why we are using that. Since it would make the Meraki portal a subordinate CA, i believe it would use the subordinate CA template. That one I have set to only require a common name. Systems manager has a new requirement that an additional file is icreated when the cert is generated. I created a template that has these extra settings but still no luck with the cert.

 

Where `configuration_file.ext` contains the following extension value pairs:

basicConstraints = critical,CA:true,pathlen:0
keyUsage = critical,keyCertSign,digitalSignature
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki