SSCEP - Simple SCEP client for Unix

What is SSCEP?

SSCEP is a client-only implementation of the SCEP (Cisco System's Simple Certificate Enrollment Protocol). SSCEP is designed for OpenBSD's isakmpd, but it will probably work with any Unix system with a recent compiler and OpenSSL toolkit libraries installed. It's early in its development cycle and should be considered as a beta quality software.

SSCEP is released under BSD license.

What is SCEP?

(From draft-nourse-scep-06.txt):

SCEP is a PKI communication protocol which leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment protocol developed by Verisign, Inc. for Cisco Systems, Inc. It now enjoys wide support in both client and CA implementations.

The goal of SCEP is to support the secure issuance of certificates to network devices in a scalable manner, using existing экскурсии по москве на автобусе technology whenever possible. The protocol supports the following operations:

Certificate and CRL access can be achieved by using the LDAP protocol, or by using the query messages defined in SCEP.

SSCEP features

Currently, SSCEP implements all of the SCEP operations using SCEP query messages. There's no LDAP support, and probably there will never be (that's why it is simple).

SSCEP has been tested successfully against the following CA products:

(*) by default, subjectAltName extensions are dropped from certificate
(**) only DNS subjectAltName allowed (demo mode)
(***) demo requires to use /C=US/O=Entrust


Download the current SSCEP snapshot (20030417)

README from the SSCEP distribution

Related sites


Bug reports, discussion, etc.: Sorry, you have to write it!.

Last updated Feb 02, 2003 Home