Simple Certificate Enrollment Protocol

Simple Certificate Enrollment Protocol is an Internet Draft in the Internet Engineering Task Force (IETF). This protocol is being referenced by several manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users.

The protocol is designed to make the issuing and revocation of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large scale deployments.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress."

As of September 7, 2011, its intended status is "Historic". Environments that do not require interoperability with legacy SCEP implementations are advised to use: Certificate Management Protocol (CMP) [RFC4210] and Certificate Management over CMS (CMC) [RFC5272].

Implementations

The following software provides support for SCEP:

• cryptlib (C)
• Network Device Enrollment Service (Windows Server 2008)
• OpenCA (Perl)
• OpenSCEP (Perl)
• jscep (Java)
• EJBCA (Java Enterprise Edition)

External links

• IETF Data Tracker: [1]
• The list of current Internet-Drafts can be accessed at the IETF Website abstracts list: 1id-abstracts.txt
• Slide deck describing SCEPpkix-3.pdf