
SCEP


onslow


  1. SCEP
     • Simple Certificate Enrollment Protocol

  2. Widely Deployed
     • Cisco routers, VPN client, and CA
     • Microsoft CA
     • Entrust CA
     • RSA toolkit and CA
     • Netscape CA
     • Verisign CA
     • Baltimore/Unicert

  3. Features
     • Initial Enrollment
     • Renewal (including client key rollover)
     • CA and Client Certificate retrieval
     • CA key and certificate rollover
     • Extensible

  4. Mature Protocol
     • Has been in use for over 7 years
     • Many interoperable implementations
     • Now on draft 15

  5. Enrollment
     • PKCS-10 to specify what should be in the cert
     • Signed and Encrypted with PKCS-7
     • Can use One-Time Password for authentication

  6. Renewal
     • Signed by prior client certificate

  7. CA Key Rollover
     • “Next” CA Certificate generated ahead of time
     • Clients can retrieve “Next” CA Certificate
     • Response is signed by current CA certificate
     • Roll over when old certificate expires
     • Can roll over “early” if Root CA compromised

  8. Current draft
     • draft-nourse-scep-15.txt
     • Informational
     • nourse@cisco.com
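
The one-time password on slide 5, as an added example that is not from the presentation: a CA-side check that pulls the password out of the PKCS-10 request and accepts it only once. It assumes the password travels in the PKCS #9 challengePassword attribute of the request; the helper names are hypothetical, the sample request is a constructed skeleton, and the PKCS-7 signature and encryption layers are not handled here.

```python
import hmac
# PKCS #9 challengePassword, OID 1.2.840.113549.1.9.7 (DER content bytes)
CHALLENGE_OID = bytes.fromhex("2a864886f70d010907")

def tlv(tag, body):  # encode one DER element, short- or long-form length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def read(buf, pos=0):  # decode the element at pos -> (tag, body, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    pos = 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        yield tag, val

def challenge_password(csr_der):
    """Return the challengePassword carried in a PKCS #10 request, or None."""
    _, csr, _ = read(csr_der)            # CertificationRequest
    _, info = next(children(csr))        # CertificationRequestInfo
    for tag, attrs in children(info):
        if tag == 0xA0:                  # [0] attributes
            for _, attr in children(attrs):
                (_, oid), (_, values) = list(children(attr))[:2]
                if oid == CHALLENGE_OID:
                    return next(children(values))[1].decode("utf-8")
    return None

def redeem(csr_der, outstanding):
    """CA-side check (hypothetical helper): accept a password once, then burn it."""
    pw = challenge_password(csr_der)
    hit = [o for o in outstanding if pw and hmac.compare_digest(o.encode(), pw.encode())]
    outstanding.difference_update(hit)
    return bool(hit)

def sample_csr(password):  # constructed skeleton: dummy subject, key and signature
    attr = tlv(0x30, tlv(0x06, CHALLENGE_OID) + tlv(0x31, tlv(0x13, password.encode())))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + tlv(0x30, b"") + tlv(0xA0, attr))
    return tlv(0x30, info + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

The password is readable by anyone who can parse the PKCS-10, which is what the PKCS-7 encryption on slide 5 protects in transit.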
