How to renew a SCEP RA certificate (private CA – device certificate)
Prerequisites:
- SCEP endpoint already configured.
- SCEP RA certificate already added but has expired.
Errors that might appear because the RA certificate has expired:
This:
SCEP: Failed LogError Message : (SCEPInstallCertificateWithScepHelper: Failed to Initialize SCEP enrollment with NDES Server 'https://cert-manager.com/customer/steadfast/iscep/6KjjyOkGZu06FsGI6MIR/pkiclient.exe', CA cert thumbprint 'ED09B73FE93CEC9563E7542B9295851861214359' and server)
SCEP: Certificate enroll failed. Result: (A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.).
This (Windows Event Viewer): [screenshots]
Examples used below are for demonstration only; the customer’s configuration might differ:
- Request a new Device Certificate from the “Device Certificates” tab, using the same Certificate Profile that has been configured for SCEP.
- Request a new CSR; you can use the same details as the previous SCEP RA certificate.
- Afterwards, the device certificate will be issued in SCM.
- Under Enrollment -> SCEP -> SCEP RA Certificates, check whether you can edit your SCEP RA certificate.
- Otherwise, you can provide this device certificate, with its chain and private key, to us.
  Note: use a secure method of transport for the private key, such as Microsoft Office secure message email.
- Once we get that, we will replace your SCEP RA certificate with the key in the backend.
- Then you can retry the Intune sync and request new certificates.
For further assistance or troubleshooting, you can refer to Sectigo’s official Knowledge Base or contact support.
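
Before the new device certificate is uploaded or handed over as the SCEP RA certificate, it helps to confirm that it is inside its validity period, that the private key belongs to it, and that it verifies against its chain. The script below is an added example, not part of the original article or of Sectigo's tooling; it assumes the openssl CLI and PEM-encoded files, and the function and file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for a replacement SCEP RA certificate.
# Assumes PEM files and the openssl CLI; all names here are hypothetical.

# Succeeds if the certificate has not expired N days from now (default 0 = now).
cert_valid_for_days() {
    local cert="$1" days="${2:-0}"
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null
}

# Succeeds if the private key belongs to the certificate (public keys are equal).
key_matches_cert() {
    local cert="$1" key="$2" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate verifies against the CA bundle (issuing CA + root).
chain_verifies() {
    local cert="$1" chain="$2"
    openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1
}

# Runs all checks; returns 0 only if the certificate is unexpired, the key
# matches and the chain verifies. Warns if expiry is closer than min_days.
preflight_ra_cert() {
    local cert="$1" key="$2" chain="$3" min_days="${4:-30}" rc=0
    cert_valid_for_days "$cert" 0 \
        || { echo "FAIL: certificate has expired"; rc=1; }
    key_matches_cert "$cert" "$key" \
        || { echo "FAIL: private key does not match certificate"; rc=1; }
    chain_verifies "$cert" "$chain" \
        || { echo "FAIL: certificate does not verify against chain"; rc=1; }
    if [ "$rc" -eq 0 ] && ! cert_valid_for_days "$cert" "$min_days"; then
        echo "WARN: certificate expires within $min_days days"
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: certificate, key and chain are consistent"
    fi
    return "$rc"
}

# Usage: ./preflight.sh ra-cert.pem ra-key.pem chain.pem [min_days]
if [ "$#" -ge 3 ]; then
    preflight_ra_cert "$@"
fi
```

Running the same validity check against the RA certificate already in place, with a larger `min_days`, gives advance notice of the next expiry.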