- Tech know how online

simple certificate enrollment protocol (SCEP)

The Simple Certificate Enrollment Protocol(SCEP) supports the secure issuance of certificates to network entities using existing technologies. The SCEP protocol handles certificate enrollment and revocation, requests for certificates, as well as requests for Certificate Revocation Lists( CRL).

The SCEP protocol was defined by Cisco and VeriSign for certificate requests to the certification authority( CA) and is referenced by various well-known network technology companies. SCEP requests are encoded as PKCS (Public Key Cryptography Standard) messages according to PKCS#7 and PKCS#10 and transmitted to the certification authority via HTTP. PKCS#7 is the cryptographic message standard in which the cryptographic formats for encrypted and signed messages are described, and PKCS#10 is the standard for the certification request and describes the public key.

In the SCEP protocol, the client sends an HTTP request to the certification authority asking for its certificate and the certificate of the registration authority, if available. This certificate is used for all subsequent communication with the certificate authority. The SCEP message is signed and packaged in a PKCS#7 message with the certificate included. To allow manual confirmation, the response by the CA can be deferred. Each SCEP request is identified by a transmission identifier generated by the client that uniquely identifies the request.

The certificates and revocation lists can be accessed using Lightweight Directory Access Protocol( LDAP) or via SCEP's query message. As instance types, the SCEP protocol defines the end instances, such as IPsec clients, the certification authority (CA), and the registration authority( RA).

Englisch: simple certificate enrollment protocol - SCEP
Updated at: 29.01.2014
#Words: 244
Links: network, protocol, certificate revocation list (CRL), authority, contingency analysis (CA)
Translations: DE

All rights reserved DATACOM Buchverlag GmbH © 2024