Goldhawk-Fork
asked on
Signing Meraki SCEP certificate with Microsoft CA
Hi Everyone,
I would like to use the Meraki MDM SCEP service to hand out certificates for users enrolling to the Meraki System Manager platform. The certificates will then be used to authenticate against Cisco ISE for wireless access.
I've added the AD to the Meraki Platform and added the profile to be pushed down to ISE on the platform as well. Cisco ISE has also been added to the Meraki Platform.
As part of the SCEP process for Meraki I'm supposed to download the SCEP CA certificate and have it signed to the Microsoft CA. I assume I would need to export the .csr file and have it signed via web enrollment. However I'm not sure what template to use in order to have it signed for the correct use. When I import a standard user template it is signed for the account which i used to log into the web enrollment page (Admin user). Of course this is not the correct solution as the certificate needs to be for all users i.e. it needs to be for %User% so all users can get a certificate and enroll. I can then add this certificate to ISE. Can anyone help?
mer.PNG
I would like to use the Meraki MDM SCEP service to hand out certificates for users enrolling to the Meraki System Manager platform. The certificates will then be used to authenticate against Cisco ISE for wireless access.
I've added the AD to the Meraki Platform and added the profile to be pushed down to ISE on the platform as well. Cisco ISE has also been added to the Meraki Platform.
As part of the SCEP process for Meraki I'm supposed to download the SCEP CA certificate and have it signed to the Microsoft CA. I assume I would need to export the .csr file and have it signed via web enrollment. However I'm not sure what template to use in order to have it signed for the correct use. When I import a standard user template it is signed for the account which i used to log into the web enrollment page (Admin user). Of course this is not the correct solution as the certificate needs to be for all users i.e. it needs to be for %User% so all users can get a certificate and enroll. I can then add this certificate to ISE. Can anyone help?
mer.PNG
Have you come up with a solution yet?
ASKER
Not yet Jeff,
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.