dotpeek
Jan 14, 2025 (Copper Contributor)
Cloud PKI - Rolling Out to ChromeOS?
Hi all,
Will try to summarize my goal and current issue... hoping someone out there has run across something similar to this implementation. Essentially I have 20 Cloud PKI licenses on users in my tenant to get a proof of concept going. We have a mixed bag in my org of people using Intuned Windows devices, as well as Enterprise Enrolled Chromebooks in a Google Tenant.
The goal is to utilize Cloud PKI, create a root and issuing CA, and utilize Google Admin to roll certificates out to Chromebook users via SCEP from Cloud PKI. The Chromebook users are already using Entra ID SSO to log into the Chromebooks. Then use these certificates to follow Google's documentation on using Defender for Cloud Apps for Conditional Access on ChromeOS to only allow devices with these certificates to access company resources.
So far I have the root and issuing certs created. I have my Google tenant recognizing the root cert, but rolling out my SCEP profile is where everything is falling apart. I assume my issue lies in the SCEP profile on the Google admin side... But before I lose my mind trying to get it to work... Is Cloud PKI even designed to allow SCEP requests and cert issuing in scenarios like this?
One example being the SCEP URI has that {{CLOUDPKIFQDN}} piece in it... for the life of me I can't be sure how to substitute for this dynamic piece if I'm trying to use SCEP somewhere other than Intune or Entra.
Thank you for any ideas or input, it's greatly appreciated.