Meraki enterprise with local auth + SCEPman + AAD

Kyote
Comes here often

Hey guys,

I'm attempting to set up certificate-based authentication using the SCEPman CA, and Meraki local auth. I haven't been able to find a guide specifically using SCEPman. Has anyone accomplished this and would be willing to share how they did it?

Thanks!

4 Replies
GIdenJoe
Kind of a big deal

We are using SCEPman in our org. However, we don't use the local auth on the Meraki side but we are using Radius-as-a-service in combination with SCEPman. So the APs can do RADIUS to the service, which in turn trusts the certs signed by SCEPman.

This has been working fine for over a year now.

JamesHammy
Just browsing

I'm pretty sure it's as simple as setting up SCEPman following their decent documentation. After that, you can simply enable the 'RADIUS local auth' option, choose certificate based authentication, tick a couple more boxes and then upload SCEPman's Root CA certificate in PEM format.

Then configure your endpoints to connect to that wifi network using certificate-based authentication.

@GIdenJoe's setup is more comprehensive as it also uses a cloud-based RADIUS service that you could use for a load of other stuff, but what I've suggested is very simple and apparently works well for simple and secure wifi access. I will be looking to implement something similar before long, so I can retire our internal NPS server.

Kyote
Comes here often

I've had this implemented for a while now. Curious to hear what other things you are using SCEPman certs for 👀

JamesHammy
Just browsing

All working ok for you?

We've not even onboarded SCEPman yet so we're still using on-premise Microsoft Root CA with NPS and GPO settings to deploy wifi securely. Just like everyone else though, we're looking to offload as much as possible to O365/Intune to remove dependency on on-premise.
