Please refer below link:
http://www.petenetlive.com/KB/Article/0000947
http://www.petenetlive.com/KB/Article/0000947
NDES Disable Password Requirement.
I've read a few blogs and articles that say;
"There is no way for Cisco devices to supply the required password to enroll with NDES/MSCEP, so you need to disable the requirement for a password."
This is NOT TRUE, however the whole point of issuing certificates via your PKI infrastructure, is that it can scale dramatically. If you are creating passwords and embedding those passwords in all your enrollments, it can get a little unwieldy. So it may be sensible to remove the password requirement.
1. Windows Key+R > regedit {Enter} > Navigate to;
HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > MSCEP > EnforcePassword > EnforcePassword
To disable change the value to 0 (zero).
Below you can see the difference, with the password requirement enforced, and without.
2. Restart the Certificate Services Service;
net stop certsvc net start certsvc