Simple Certificate Enrollment Protocol
Simple Certificate Enrollment Protocol (SCEP) is an Internet Draft in the Internet Engineering Task Force (IETF). The protocol is referenced by several manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale deployment to everyday users.
The protocol is designed to make the issuing and revocation of digital certificates as scalable as possible. The idea is that any standard network user should be able to request a digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.
SCEP is the most popular, widely available and most tested certificate enrollment protocol. It has several advantages over competing protocols, such as Certificate Management Protocol.
The following software provides support for SCEP:
- Ascertia (Certificate Registration, Revocation & Recovery)
- Nexus Certificate Manager
- cryptlib (C)
- Network Device Enrollment Service (Windows Server 2008 to Windows Server 2012)
- OpenCA (Perl)
- OpenSCEP (Perl)
- jscep (Java)
- EJBCA (Java Enterprise Edition)
- OpenTrust PKI (Perl)
- wolfSSL CyaSSL
- Mikrotik (part of RouterOS)
External links:
- Simple Certificate Enrollment Protocol Internet-Draft
- The list of current Internet-Drafts can be accessed at the IETF Website abstracts list: 1id-abstracts.txt
- Slide deck describing SCEP: pkix-3.pdf
- US-CERT Vulnerability Note: Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
- Whitepaper describing SCEP and untrusted devices: A Whitepaper on SCEP and Untrusted Devices