Forum Discussion
OESTechRA
Jun 28, 2023Copper Contributor
How do I assign a certificate template to MSCEP??
I setup a issuing CA and NDES server for non-Windows wi-fi device certificate authentication. I also made a certificate template called "SCEPTemplate" that was a duplicate of the Workstation Authentication template. Here are the permissions of the template I created:
When the device requests a certificate, the CA assigns this certificate from the wrong template:
If I disable the IPSec (Offline request) template, then the CA will error and not assign a certificate. this is what I see in Event viewer:
It looks like the IPSec (Offline request) template is somehow the default certificate template for MSCEP. In the guide I used to configure the server, it said to change the "GeneralPurposeTemplate" registry key to SCEPTemplate, which I did:
Does anyone have any ideas to get past this? I did find this guide which may mention something about this but doesn't have a solution. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ndes-security-best-practices/ba-p/2832619
No RepliesBe the first to reply