Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16605
Views
3
Helpful
6
Replies

SCEP with a Windows Server 2008 R2 Stand-Alone CA

Marcel Maeder
Level 4
Level 4

‎01-09-2013 11:29 AM - edited ‎03-10-2019 07:57 PM

Hi

Have you ever managed to set-up a Windows Server 2008 R2 CA in Stand-Alone mode with SCEP? In most howtos they are using Enterprise PKI and therefore can create certificate templates. I don't see any requests on the server and the IIS-Debugging file doesn't even get created.

I used the technet howto [1] for setting up my lab server.

[1] http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
6 Replies 6

Tarik Admani
VIP Alumni
VIP Alumni

‎01-09-2013 11:44 AM

Marcel,

Did you build this CA from scratch or are you trying to integrate an existing CA. I know when i first set this up and didnt choose enterprise the NDES configuration would not work. I am not an expert in what workarounds you can use but I had to remove the Certificate services and rebuild with enterprise.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Marcel Maeder
Level 4
Level 4
In response to Tarik Admani

‎01-09-2013 11:58 AM

Hi Tarik

I've built a new CA. I don't want to integrate it with the existing enterprise PKI because the CA should auto-grant requests. And I can't install a second Enterprise PKI with another Root-CA in the same domain. Creating an extra domain only for certificates would require topology-changes because you don't want multiple domains on the same subnet.

I'll probably use an IOS Router with the IOS CA-Feature if I don't find a solution.

Sent from Cisco Technical Support iPad App

0 Helpful

Marcel Maeder
Level 4
Level 4
In response to Tarik Admani

‎01-09-2013 12:13 PM

No, I haven't seen them yet, but they're familiar to the wiki article from technet. I think that SCEP requires certificate templates which are not available in stand-alone ca.

Thank you for your reply

Sent from Cisco Technical Support iPad App

0 Helpful

Ravi Singh
Level 7
Level 7
In response to Marcel Maeder

‎03-12-2014 02:51 PM

Please also check the below doc with other posted.

http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx

0 Helpful

Naveen Kumar
Level 4
Level 4

‎03-05-2014 07:49 PM

Before you configure SCEP support for BYOD, ensure that the Windows 2008 R2 NDES server has these Microsoft hotfixes installed:

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents