SCEP is the successor of CEP the Certificate Enrollment Protocol. Both protocols were developed from Cisco. The idea is to have simple but secure protocol to enroll certificates and CRLs. Today many network components use SCEP to manage certificates and CRLs. Some of these components are Switches, Routers, Firewalls and VPN-Softwares.
OpenCA support SCEP via an own web interface. The interface is called scep and you can install it via "make install-scep". After the installation you have only to configure the file OPENCADIR/etc/servers/scep.conf or you edit OPENCADIR/etc/config.xml before you run OPENCADIR/etc/configure_etc.sh. Please remember to only filter via IP addresses because SCEP doesn't support any authentication mechanisms. A SCEP client can connect the interface via http://your_host/cgi-bin/scep/scep.
This file contains the followin parameters:
This is the PEM encoded private key of the SCEP interface. It has the same format like for mod_ssl.
This is the PEM encoded certificate of the SCEP interface. It has the same format like for mod_ssl.
This is the passphrase for the private key of the SCEP server. If you use a not encrypted private key (what is not recommended - then please set an empty string here. interface. It has the same format like for mod_ssl.
This file contains the followin parameters:
This is the PEM encoded private key of the SCEP interface. It has the same format like for mod_ssl.
This is the PEM encoded certificate of the SCEP interface. It has the same format like for mod_ssl.
This is the passphrase for the private key of the SCEP server. If you use a not encrypted private key (what is not recommended - then please set an empty string here. interface. It has the same format like for mod_ssl.