How do I assign a certificate template to MSCEP??
I setup a issuing CA and NDES server for non-Windows wi-fi device certificate authentication. I also made a certificate template called "SCEPTemplate" that was a duplicate of the Workstation Authentication template. Here are the permissions of the template I created: When the device requests a certificate, the CA assigns this certificate from the wrong template: If I disable the IPSec (Offline request) template, then the CA will error and not assign a certificate. this is what I see in Event viewer: It looks like the IPSec (Offline request) template is somehow the default certificate template for MSCEP. In the guide I used to configure the server, it said to change the "GeneralPurposeTemplate" registry key to SCEPTemplate, which I did: Does anyone have any ideas to get past this? I did find this guide which may mention something about this but doesn't have a solution. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ndes-security-best-practices/ba-p/2832619Help with new 2-tier CA
Hi, I've setup a two-tier CA and I think I'm missing something in the configuration. The issuing CA only has the "Certification Authority" role installed. And the second server has the NDES and web enrollment roles. I have the NDES piece working as I have macOS and iOS clients requesting certificates for the Wi-Fi. But now I would like to request a Web Certificate for our RADIUS server and it looks like the Web enrollment piece is not working. This is the error I get when I try to request a certificate: Also, I can't even download the root CA from the main /certsrv page. I get this error: I really need this working. Any assistance would be appreciated.
