Knowledge Base
How to renew a SCEP RA certificate (private CA – device certificate)
Prerequisites:
-SCEP endpoint already configured.
-SCEP RA certificate already added but has expired.
Errors that might appear because the RA certificate has expired:
This:
SCEP: Failed LogError Message : (SCEPInstallCertificateWithScepHelper: Failed to Initialize SCEP enrollment with NDES Server 'https://cert-manager.com/customer/steadfast/iscep/6KjjyOkGZu06FsGI6MIR/pkiclient.exe', CA cert thumbprint 'ED09B73FE93CEC9563E7542B9295851861214359' and server)
SCEP: Certificate enroll failed. Result: (A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.).
This (windows event viewer):
This (windows event viewer)
Examples used below are for demonstration only, the customer’s configuration might differ:
-
Request a new Device Certificate from the “Device Certificates” tab, using the same Certificate Profile that has been configured for SCEP:
-
Request a new CSR, can use the same details as the previous SCEP RA certificate:
-
Afterwards, the device certificate will be issued in SCM.
-
Under Enrollment-> SCEP-> SCEP RA Certificates-> Check if you can edit your SCEP RA certificate.
-
Else, You can provide this device certificate with chain and private key to us:
Note: use a secure method of transport for the private key, like Microsoft Office secure message email:
-
Once we get that, we will replace your SCEP RA certificate with the key in the backend.
-
Then you can retry the Intune sync and request new certificates.
For further assistance or troubleshooting, you can refer to Sectigo’s official Knowledge Base or contact support.
Avete bisogno di aiuto?
Avete bisogno di aiuto per l'acquisto? Contattateci oggi stesso per ottenere subito il vostro certificato.
Chat in diretta
Fai clic sul pulsante qui sotto o su “Chatta con un esperto” per iniziare subito a chattare con noi!
