Okta Classic Engine | Devices and Mobility | Answered | 2025-09-13T09:01:51.000Z | 2024-01-25T07:38:40.000Z | 2024-01-26T08:21:49.000Z

gedxk (gedxk) asked a question.

OIE and MDM device integration - SCEP does not generate certificate

Hello

I am trying to deploy FastPass and device integration.

I have followed these procedures for both Windows and macOS devices:

https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/okta-ca-delegated-scep-macos-intune.htm

https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/okta-ca-delegated-scep-win-intune.htm

The SCEP certificate generation is not working at all.

On macOS, I can see this kind of log:

 

[0:Cert_PI:SCEP:<0x120db6>] TrustError : Error Domain=NSOSStatusErrorDomain Code=-25318 "errKCCreateChainFailed / errSecCreateChainFailed: / The attempt to create a certificate chain failed." UserInfo={NSLocalizedDescription=Le certificat « Organization Intermediate Authority » n’est pas fiable., NSUnderlyingError=0x14fb091c0 {Error Domain=NSOSStatusErrorDomain Code=-25318 "errKCCreateChainFailed / errSecCreateChainFailed: / The attempt to create a certificate chain failed." UserInfo={NSLocalizedDescription=Le certificat 1 « Organization Intermediate Authority » contient des erreurs : Impossible de créer la chaîne vers la racine (intermédiaire potentiellement manquant).;}}}

And on Windows, this kind of error:

[Friday 10:14 AM]

SCEP: Certificate enroll failed. Result: (Unknown Win32 Error code: 0x87d00905).

I had a look at the CA certificate from Okta, and I can see, when I download it, that the issuer of this certificate is Organization Root Authority.

Is there a chance the problem is because I don't have this particular certificate in my Trusted Root CA store?

 

Thank you so much in advance

 

Regards,

 

Yannick


  • a0n5s (a0n5s)

    Have you checked these:

    1. Verify the client certificate installation:
      1. On the Windows computer, click Start and type cert and then click Manage user certificates.
      2. Look in Personal > Certificates.
    2. Verify the Certificate Authority:
      1. On the Windows computer, click Start and type cert and then click Manage user certificates.
      2. Look in Intermediate Certificate Authority > Certificates.
      3. In Issued To, find and double-click Organization Intermediate Authority.
      4. See Issuer: Organization Root Authority.
    3. If you don't find the certificate, check the logs as described in step 3.

  • gedxk (gedxk)

    Hello. Thanks for your answer

    Yes, it was already checked. The Organization Intermediate Authority is in the correct certificate store.

This question is closed.
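
The question above asks whether a root that is absent from the trust store can stop the chain from building even though the intermediate is installed. The script below is an added example (not part of the thread and not Okta tooling): it generates throwaway CAs that reuse only the two subject names from the thread and verifies the intermediate against a trust store with and without its issuing root. The helper names, file names and the "Unrelated Root" are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Constructed certificates only; nothing here is issued by Okta.
set -eu

# mk_ca DIR NAME SUBJECT [ISSUER_NAME]: create a CA cert, self-signed unless an issuer is given.
mk_ca() {
  local d="$1" n="$2" subj="$3" issuer="${4:-}"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 2 \
      -extfile "$d/ca.ext" -out "$d/$n.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" \
      -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/$n.pem" 2>/dev/null
  fi
}

# chain_status ROOTS_PEM CERT: "trusted" only if CERT chains to a root in ROOTS_PEM.
# On failure the openssl error line goes to stderr so the reason is visible.
chain_status() {
  local out; out="$(openssl verify -CAfile "$1" "$2" 2>&1 || true)"
  case "$out" in
    *": OK") echo trusted ;;
    *) echo "$out" | grep -i 'error' >&2 || true; echo untrusted ;;
  esac
}

# run_demo: check the same intermediate against two different sets of trusted roots.
run_demo() {
  local d; d="$(mktemp -d)"
  mk_ca "$d" root  "/CN=Organization Root Authority"
  mk_ca "$d" inter "/CN=Organization Intermediate Authority" root
  mk_ca "$d" other "/CN=Unrelated Root (constructed)"
  # Trust store that lacks the issuing root: the chain cannot be completed.
  echo "root missing: $(chain_status "$d/other.pem" "$d/inter.pem")"
  # Trust store that contains the issuing root: the chain builds.
  echo "root present: $(chain_status "$d/root.pem" "$d/inter.pem")"
  rm -rf "$d"
}

run_demo
```

To run the same check on real files, pass a PEM bundle of the device's trusted roots as the first argument to `chain_status` and the downloaded CA certificate as the second.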