On SOTI 13.4, adding a new generic SCEP authority & template: template does not appear in available templates for profile

ER

We have internal PKI infrastructure & I am testing cert issuing capability from our SHA2 CAs. I created a new Generic SCEP cert authority & the required template.

However, when I went to create the profile to apply & test on a device, the template I created was not listed in the available templates list to select.

What am I missing to ensure I can use this newly created template?

7 years ago
SOTI MobiControl
ANSWERS
SS
Support Staff Account
7 years ago (edited 7 years ago)

Hello Emer,

In the MobiControl console you are probably selecting the SCEP profile. Although this is a logical place to look to deploy the actual certificate and/or to select the template, different OSes are configured in different ways; you may need to select the certificate section of the profiles.

Try looking there for your template and select it. 

What OS are you trying to issue the SCEP certificate to and what build number of 13.4 are you running? 

Regards, 

ER
Emer Roche
7 years ago

I am trying to issue the cert to Windows CE devices & Android+ devices. The version of SOTI is 13.4.0.4449.

I have created a generic SCEP authority & I can now see the template listed for both Android & Windows CE users.

However, the template is failing to apply. I was wondering, does the thumbprint need to be in a particular format? I am requesting the certs from the CAs via a Venafi endpoint which interacts directly with the CAs. Any known issues or concerns using Venafi?

Is there any mechanism to issue a test cert from the console to see if it works, instead of applying it to a device via profile?

Lastly, where in the system logs will I see the cert request attempt? Is there a particular level of logging that should be applied (currently set to error) to see the full conversation?

SS
Support Staff Account
7 years ago (edited 7 years ago)

Hi Emer,

Although there have been cases where Venafi has been used with SCEP certificates, I do not see any "known issues" that would prevent this from working. The configuration may need to be looked at by our support, as the fix may be as simple as adding "CN=" in the Subject name. If you continue to have issues, open a case via Support@soti.net as we continue to discuss this in the SOTI Central Discussion Forum, and we can assist you to get this corrected.

Testing would need to be done via the profile, but the error logs may not be enough to see the actual reason for the error occurring if the SCEP certificate does not get created/deployed. I would suggest changing the DS, MS and DSE logging to verbose. I am assuming this is an on-premise installation, so you should have no problem doing this and applying it.

In the past I have also used SQL Profiler to identify such issues with the certificate creation, in conjunction with a TCP sniffer tool to isolate the traffic to confirm where the failure is occurring from. Make sure you note the timestamps, as this will make troubleshooting a lot easier to identify.

ER
Emer Roche
7 years ago

No issues with network connectivity between the SOTI & Venafi systems. I have submitted system logs to the support email address you gave, with details of the issue. Thanks for the help!