Hey folks, stuck on an ios VPN setup using Scep certs.
The Scep certificate gets generated fine and I can see it on the iPhone under Settings → General → VPN & Device Management → Profiles. VPN policy is also associated correctly in hexnode.
But when I try to connect, iOS throws: “Certificates needed for the VPN service.”
What’s confusing is: if I export a cert manually from the CA using the same template and use that, the VPN works.
19 Views
Hmm yeah that error usually means iOS isn’t able to “use” the cert for vpn auth even if it’s present on the device.
Can you check once if the cert shows up inside the vpn configuration itself? Like under the Vpn profile where it asks for the certificate / identity selection.
Also, quick isolation test: try creating the VPN manually on the iPhone and pick the SCEP cert there. If it still fails, then it’s not really the Hexnode policy association.
Yep, checked that too. The cert is visible under profiles, but when I try to use it in Vpn, it’s basically not getting picked up.
Tried manual VPN config as well using the same SCEP cert and it still fails the same way.
But the manually exported certificate works instantly, so looks like something about the SCEP-issued cert (usage/identity mapping maybe) is the issue.
Don't have an account? Sign up
