Hi all!
I am successfully deploying certificates via SCEP and MS NDES. MS NDES is configured with dynamic challenges, which can only be used once (as is the default and the only recommended secure way).
However, I cannot find a way to make the Mikrotik work with dynamic challenges.
Expected behavior:
SCEP certificate renewals are authenticated via signing the new CSR with the old (but still valid) private key. There are no log entries on the CA regarding invalid SCEP passwords when renewing certificates.
Actual behavior:
SCEP certificate renewals are authenticated using the challenge initially used to deploy the certificate, and thus only static challenges are supported. There are log entries about invalid SCEP passwords when renewing certificates.
Does anybody know how to configure Mikrotik to support dynamic challenges, as is the standardized and secure way?