diff --git a/t/venom/nodes/wired_dot1x_eap_tls/run_sscep_on_node01.yml b/t/venom/nodes/wired_dot1x_eap_tls/run_sscep_on_node01.yml
index 3f5c0c7ed50a..739b3d9ef8db 100644
--- a/t/venom/nodes/wired_dot1x_eap_tls/run_sscep_on_node01.yml
+++ b/t/venom/nodes/wired_dot1x_eap_tls/run_sscep_on_node01.yml
@@ -29,7 +29,7 @@ testcases:
         attributes = req_attributes
         
         [ req_attributes ]
-        challengePassword = secret
+        challengePassword = {{.wired_dot1x_eap_tls_manual.certs.user.scep_challenge_password}}
         
         # only CN is kept by pfpki
         [ dn ]
diff --git a/t/venom/test_suites/wired_dot1x_eap_tls_manual/TESTSUITE.md b/t/venom/test_suites/wired_dot1x_eap_tls_manual/TESTSUITE.md
index 6e0fb884b733..50a4657bdb0b 100644
--- a/t/venom/test_suites/wired_dot1x_eap_tls_manual/TESTSUITE.md
+++ b/t/venom/test_suites/wired_dot1x_eap_tls_manual/TESTSUITE.md
@@ -4,7 +4,7 @@
 N/A
 
 ### Global config steps
-1. Create dot1x_eap_tls role
+1. Create dot1x_eap_tls_manual role
 
 ## Scenario steps
 1. Create Root CA
@@ -40,6 +40,8 @@ N/A
 1. Check Internet access *on* node01 (common)
 
 TODO:
+1. Install certificates (HTTP and RADIUS), generated by pfpki, using API (in
+   place of command line)
 1. Revoke certificate
 1. Kill wpasupplicant (common test suite)
 1. Rerun wpasupplicant to have a reject authentication due to revoke certificate
diff --git a/t/venom/test_suites/wired_dot1x_eap_tls_scep/TESTSUITE.md b/t/venom/test_suites/wired_dot1x_eap_tls_scep/TESTSUITE.md
index 6e0fb884b733..c272b35487d4 100644
--- a/t/venom/test_suites/wired_dot1x_eap_tls_scep/TESTSUITE.md
+++ b/t/venom/test_suites/wired_dot1x_eap_tls_scep/TESTSUITE.md
@@ -1,10 +1,10 @@
-# wired_dot1x_eap_tls_manual
+# wired_dot1x_eap_tls_scep
 
 ## Requirements
 N/A
 
 ### Global config steps
-1. Create dot1x_eap_tls role
+1. Create dot1x_eap_tls_scep role
 
 ## Scenario steps
 1. Create Root CA
@@ -27,7 +27,7 @@ N/A
 1. Perform Checkup (common test suite)
 1. Configure 802.1X only and dynamic VLAN on dot1x interface on
    switch01
-1. Install Root CA on node01 
+1. Get CA and client certificates using SCEP on node01
 1. Install user certificates (public certificate and private key) on node01
    with following paths:
    - ca_cert: /etc/wpa_supplicant/eap_tls/ca.pem
@@ -40,6 +40,8 @@ N/A
 1. Check Internet access *on* node01 (common)
 
 TODO:
+1. Install certificates (HTTP and RADIUS), generated by pfpki, using API (in
+   place of command line)
 1. Revoke certificate
 1. Kill wpasupplicant (common test suite)
 1. Rerun wpasupplicant to have a reject authentication due to revoke certificate