I am still trying to get this configuration done. When I configure the Certificate Authority as Registration Authority and I add the SCEP URL:
https://pki/certsrv/mscep/mscep.dll
I also have the option to add a SCEP Challenge Password. The SCEP Challenge Password (as far as I know) can be obtained via the URL:
http://pki/CertSrv/mscep_admin/
I tried to add the CA with and without configuring a SCEP Challenge Password. Neither option works, and I see the following errors in the Event Viewer on the Windows PKI server.
Without SCEP Challenge Password:
EventID 28 - The Network Device Enrollment Service cannot locate a required password in the certificate request. Either a password must be present in the certificate request or the certificate request should be signed with a valid signing certificate. The signing certificate must chain up to a trusted root in the Enterprise store. The signing certificate and the certificate request must have the same subject name or subject alternate name.
With SCEP Challenge Password:
EventID 29 - The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to submit with this request.
I guess I have to troubleshoot the Windows PKI server instead of ClearPass...