Simple Certificate Enrollment Protocol
Simple Certificate Enrollment Protocol (SCEP) is an IETF RFC. This protocol is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users, as well as being referenced in other industry standards.
The protocol is designed to make the issuing of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.
The Simple Certificate Enrollment Protocol is the most popular, widely available, and tested certificate enrollment protocol. it is widely used, for example by the Cisco IOS operating system (even if Cisco is now pushing the more fully featured EST) and iPhones to enroll in enterprises PKI. Most PKI software (specifically the RA) supports it, including the Network Device Enrollment Service of Active Directory Certificate Service.
After being effectively abandoned by its original Cisco sponsors around 2010, already ten years in the standardization process, when they started pushing for EST instead, the Internet Draft describing the protocol was revived in 2015 by Peter Gutmann due to its widespread use in industry and in other standards, updating the algorithms used and correcting numerous issues in the original specification, which had accumulated a considerable amount of detritus over time. In September 2020, it was published as RFC 8894, more than twenty years after the beginning of the standardization effort.
- Slide deck describing SCEP: pkix-3.pdf