Simple Certificate Enrollment Protocol

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Simple Certificate Enrollment Protocol is an Internet Draft in the Internet Engineering Task Force (IETF). This protocol is being referenced by several manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users.

The protocol is designed to make the issuing and revocation of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large scale deployments.

SCEP is the most popular, widely available and most tested certificate enrollment protocol. Yet it may be advisable to remain sceptical. Although it is widely used, for example by the iOS Operating System, it is mostly suited for closed environments (such as an Intranet), as it is not able to "strongly authenticate certificate requests made by users or devices",[1] which could allow a user to ask for privileges above what he is entitled.

The IETF has proposed to publish the internet draft describing the protocol [2] with a Historic Status, as it lack some features that would increase its security, and is proposing two alternative protocols for the same purpose: Certificate Management Protocol and Certificate Management over CMS


The following software provides support for SCEP:

External links[edit]


  1. ^ US-CERT Vulnerability Note: Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
  2. ^ Simple Certificate Enrollment Protocol Internet-Draft