Failed to generate SCEP Certificate / Error when issuing test certificate for SCEP after Upgrade to CORE Version 8.0


#1

If you have just upgarded to MobileIron CORE Version 8.0 and you are finding that your SCEP Certificates are not being generated it is likely you are experiencing this error:

To fix this issue, use the IP Address of the SCEP server instead of the URL.

Now, why do we need to do this? It is most likely because the URL does not have a TLD (top level domainname) in it. i.e. scep.mobilitycompany.intranet or scep.mobility.lan instead of scep.mobility.com for example.

If you are worried about pushing out certs again and having users re prompted to install/enter passwords for their use case i.e. in a VPN or WiFi profile, then contact your Mobility Partner (aka Mobile Mentor) and have a MobileIron support ticket raised to have the DB modified through Devshell.

Happy SCEP’ing :slight_smile:


#2

you can also change this SCEP URL via CLI on Core Server in MySQL database without causing existing certificates to re-issued and configurations that SCEP uses to re-install

Executed the below queries to modify the configurations from DB

select * from mi_app_setting where setting_name like ‘%(SCEP Setting Name)%’\G;
select * from mi_app_setting_entry where app_setting_id=(Number of result returned from previous command);
update mi_app_setting_entry set value=‘https:// (Your new required Server FQDN URL or IP Address) /CertSrv/mscep_admin’ where app_setting_id=(Number of result returned from previous command) and property=‘CHALLENGEURL’;
update mi_app_setting_entry set value=‘https:// (Your new required Server FQDN URL or IP Address) /certsrv/mscep’ where app_setting_id=(Number of result returned from previous command) and property=‘URL’;