Meraki

T1 · ‎Jan 9 2020

Has anyone had any luck with creating SCEP certificates with automatic properties like owner email, ? I'm getting a error as soon as I add an automatic property to the cert:

There were errors in saving this configuration:

One or more errors occurred. No changes have been saved.
Cert test - Pcc mc custom scep payloads base Asset tag is not in the correct format.

SoCalRacer · ‎Jan 10 2020

The way SCEP is supposed to work with Meraki is that you download the cert from the dashboard and then you sign it with your CA, then reupload it to the dashboard. Is that the process you are using?

T1 · ‎Jan 12 2020

You can sign it with your own CA if required, but it works without it as well. I wanted to explore a possibility of a cert only sign on where SP requires username as part of the subject. SM allows usage of automatic attributes there like owner email or device serial number. I just got the code wrong. It should read CN= [owner email] not just [owner email].

SoCalRacer · ‎Jan 13 2020

Trusted Access might be more suited if you are Apple Only

https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Trusted_Access_for_S...

T1 · ‎Jan 13 2020

Trusted access is not really our cup of tea. We do want to restrict access to prod WiFi to enrolled devices only and WiFi settings payload does a good job as it is. Custom certs, however, provide a flexible way to implement passwordless authentication and I can generate different certs for different subsets of users accessing different SPs. If Meraki ever implements a SRL, that would be great.