Simple Certificate Enrollment Protocol
Simple Certificate Enrollment Protocol (SCEP) is an Internet Draft in the Internet Engineering Task Force (IETF). The protocol is referenced by several manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale deployment to everyday users.
The protocol is designed to make the issuing and revocation of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.
SCEP is the most popular, widely available and most tested certificate enrollment protocol. Yet it may be advisable to remain sceptical. Although it is widely used, for example by the iOS operating system, it is mostly suited for closed environments (such as an intranet), as it is not able to "strongly authenticate certificate requests made by users or devices", which could allow a user to request privileges beyond those he is entitled to.
The IETF has proposed to publish the Internet Draft describing the protocol with Historic status, as it lacks some features that would increase its security, and is proposing two alternative protocols for the same purpose: Certificate Management Protocol and Certificate Management over CMS.
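One way a registration authority can compensate for the weak request authentication described above, shown as an added example that is not part of the original article or of any product listed below: bind each enrollment secret (in SCEP, the challenge password carried in the request) to the single identity it may request, and accept it only once. The class, method and host names are hypothetical, and the subject and SAN values are assumed to have been parsed from the certificate request already.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Grant:
    """What one enrollment secret may request (hypothetical RA record)."""
    subject_cn: str
    sans: frozenset
    expires_at: float
    used: bool = False

@dataclass
class EnrollmentPolicy:
    grants: dict = field(default_factory=dict)  # sha256(secret) -> Grant

    @staticmethod
    def key(secret: str) -> str:
        # Store only a digest so the secrets are not kept in clear.
        return hashlib.sha256(secret.encode()).hexdigest()

    def issue(self, secret, subject_cn, sans, expires_at):
        self.grants[self.key(secret)] = Grant(subject_cn, frozenset(sans), expires_at)

    def authorize(self, secret, req_cn, req_sans, now):
        """Return (allowed, reason) for fields already parsed from the request."""
        grant = self.grants.get(self.key(secret))
        if grant is None:
            return False, "unknown secret"
        if grant.used:
            return False, "secret already used"
        if now > grant.expires_at:
            return False, "secret expired"
        if req_cn != grant.subject_cn:
            return False, "subject not authorized for this secret"
        if not set(req_sans) <= grant.sans:
            return False, "SAN not authorized for this secret"
        grant.used = True  # one-time: a second request needs a new secret
        return True, "ok"

def demo():
    # Constructed sample data: one device, one secret valid until t=1000.
    policy = EnrollmentPolicy()
    host = "laptop-042.corp.example"
    policy.issue("s3cret-one-time", host, {host}, 1000.0)
    return [
        policy.authorize("s3cret-one-time", "vpn-admin.corp.example", [], 10.0),
        policy.authorize("s3cret-one-time", host, [host], 20.0),
        policy.authorize("s3cret-one-time", host, [], 30.0),
    ]
```

The first request in `demo()` is the case the quoted weakness describes: a valid secret presented with a subject other than the one it was issued for, which this check refuses.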
The following software provides support for SCEP:
- Ascertia (Certificate Registration, Revocation & Recovery)
- Nexus Certificate Manager
- cryptlib (C)
- Network Device Enrollment Service (Windows Server 2008)-(Windows Server 2012)
- OpenCA (Perl)
- OpenSCEP (Perl)
- jscep (Java)
- EJBCA (Java Enterprise Edition)
- OpenTrust PKI (Perl)
- wolfSSL CyaSSL
- Mikrotik (part of RouterOS)
- IETF draft (HTML version): draft-nourse-scep-23
- Slide deck describing SCEP: pkix-3.pdf
- Whitepaper describing SCEP and untrusted devices: A Whitepaper on SCEP and Untrusted Devices
- US-CERT Vulnerability Note: Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
- Simple Certificate Enrollment Protocol Internet-Draft