Community discussions

MikroTik App
 
barbarian42
just joined
Topic Author
Posts: 1
Joined: Fri Apr 23, 2021 12:17 pm

Hwo to use SCEP with dynamic challenge?

Fri Apr 23, 2021 12:54 pm

Hi all!

I am successfully deploying certificates via SCEP and MS NDES. MS NDES is configured with dynamic challenges which can only be used once (as is the default and the only recommended secure way).

However I do not find a way to make the Mikrotik work with dynamic challenges.

Expected behavior:
SCEP certificate renewals are authenticated via signing the new CSR with the old (but still valid) private key. There are no log entries on the CA regarding invalid SCEP passwords when renewing certificates.

Actual behavior:
SCEP certificate renewals are authenticated using the challenge initially used to deploy the certificate and thus only supporting static challenges. There are log entries about invalid SCEP passwords when renewing certificates.

Does anybody know how to configure Mikrotik to support dynamic challenges as is the standardized and secure way?

Who is online

Users browsing this forum: Josephny, TeWe, VinceKalloe and 96 guests