- This topic has 4 replies, 3 voices, and was last updated 2 years, 10 months ago by .
Viewing 5 posts - 1 through 5 (of 5 total)
Viewing 5 posts - 1 through 5 (of 5 total)
- You must be logged in to reply to this topic.
Tagged: SCEP
We have been running the same setup for a number of years, however the requesting of a device certificate is no longer working for automatic enrollment or manually. The logs from the CA server are showing the request does make it there, however the device presents with “ERROR: failed parsing ca cert response. Please check certificate settings and enrollment password”. There is no enrollment password set on the CA server. Does anyone know what settings the CA server requires for this to work correctly? Tested on Firmware 8.6 as well as 9.1. Have been working with Microsoft and Dell for the last two weeks but have not got anywhere.
I have written a SCEP implementation guide which is available in the Downloads.
I have never seen or heard that you do not need an enrollment password at all. However, check my guide and come back with questions.
CG
Thanks for that quick reply. I will have a read through and come back if needed
After enabling unauthenticated access for IIS, the device is connecting, we are getting a 200 response in the IIS logs, however the device is now giving “ERROR: failed checking ra certificate for signing. Please check certificate settings and enrollment password”.
We have followed the documentation and checked all settings against it. As we do not have a password set and never had one, that field is left blank. In WMS I have tried configuring SCEP admin details as per section 7 but this did not seem to work. Do you require one or the other to get this to work?
Any further ideas?
If you use Microsoft SCEP service, you *need* enrollment password (it is always present and autogenerated for you out of the box, can be obtained from /CertSrv/mscep_admin).
You can make sure this password never changes by setting HKLM\SOFTWARE\Microsoft\Cryptography\MSCEP\UseSinglePassword = 1 (DWORD) on SCEP server – so you only need to configure it once in ThinOS profile and never touch it again
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |