SSCEP - Simple SCEP client for Unix
What is SSCEP?
SSCEP is a client-only implementation of SCEP (Cisco Systems' Simple
Certificate Enrollment Protocol). SSCEP is designed for OpenBSD's isakmpd,
but it will probably work with any Unix system with a recent compiler and
the OpenSSL toolkit libraries installed. It's early in its development cycle
and should be considered beta-quality software.
SSCEP is released under the BSD license.
What is SCEP?
(From draft-nourse-scep-06.txt):
SCEP is a PKI communication protocol which leverages existing
technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the
enrollment protocol developed by Verisign, Inc. for Cisco Systems, Inc.
It now enjoys wide support in both client and CA implementations.
The goal of SCEP is to support the secure issuance of certificates to
network devices in a scalable manner, using existing technology whenever
possible. The protocol supports the following operations:
- CA and RA public key distribution
- Certificate enrollment
- Certificate and CRL query
Certificate and CRL access can be achieved by using the LDAP protocol,
or by using the query messages defined in SCEP.
SSCEP features
Currently, SSCEP implements all of the SCEP operations using SCEP query
messages. There's no LDAP support, and there probably never will be
(that's why it is simple).
SSCEP has been tested successfully against the following CA products:
- OpenSCEP server (getca, enroll and getcrl work)*
- Windows2000 server CA + Microsoft SCEP module (getca, enroll and getcrl work)
- SSH Certifier (getca and enroll work)
- iPlanet CMS (getca and enroll work)*
- VeriSign Onsite (getca and enroll work)**
- Entrust VPN Connect (getca and enroll work)***
(*) by default, subjectAltName extensions are dropped from certificate
(**) only DNS subjectAltName allowed (demo mode)
(***) demo requires the use of /C=US/O=Entrust
Download
Download the current SSCEP snapshot
(20030417)
README from the SSCEP distribution
Related sites
- Using Windows2000 CA for OpenBSD based VPN
- OpenSCEP - SCEP server implementation (GPL)
- upki - SCEP client implementation (commercial)
- Entrust VPN Connector demo site
- SSH Certifier End Entity Certificate Enrollment Server
Feedback
Bug reports, discussion, etc.:
.
Last updated Feb 02, 2003