"Bad Response format" error in SmartDashboard when enrolling a VPN certificate from Windows based CA using SCEP
The Security Management Server does not take into consideration the hash algorithm used by the external CA and always signs its response using MD5.
If the external CA also uses MD5, then everything would work well. However, when this is not the case, enrollment will fail.
On Windows Server 2008 and above, SHA-1 is the default hash algorithm.