Forum Discussion

OESTechRA's avatar
OESTechRA
Copper Contributor
Jun 28, 2023

How do I assign a certificate template to MSCEP??

I setup a issuing CA and NDES server for non-Windows wi-fi device certificate authentication.  I also made a certificate template called "SCEPTemplate" that was a duplicate of the Workstation Authentication template.  Here are the permissions of the template I created:

 

When the device requests a certificate, the CA assigns this certificate from the wrong template:

 

If I disable the IPSec (Offline request) template, then the CA will error and not assign a certificate.  this is what I see in Event viewer:

 

It looks like the IPSec (Offline request) template is somehow the default certificate template for MSCEP.  In the guide I used to configure the server, it said to change the "GeneralPurposeTemplate" registry key to SCEPTemplate, which I did:

 

Does anyone have any ideas to get past this?  I did find this guide which may mention something about this but doesn't have a solution.  https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ndes-security-best-practices/ba-p/2832619

 

 

No RepliesBe the first to reply

Resources