Simple Certificate Enrollment Protocol

Simple Certificate Enrollment Protocol (SCEP) is an Internet Draft in the Internet Engineering Task Force (IETF). The protocol is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale deployment to everyday users, and it is referenced in other industry standards.

The protocol is designed to make the issuing of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.

SCEP is the most popular, widely available and most tested certificate enrollment protocol. Although it is widely used, for example by the iOS operating system, concerns have been raised that it is not able to "strongly authenticate certificate requests made by users or devices".[1] Since exactly the same issues apply to other certificate issue protocols such as Certificate Management Protocol and Certificate Management over CMS, it's not clear how real this concern is.

After being effectively abandoned by its original sponsors around 2010, the Internet Draft describing the protocol[2] was revived in 2015 due to its widespread use in industry and in other standards. The revival updated the algorithms used and corrected numerous issues in the original specification, which had accumulated a considerable amount of detritus over time.

Implementations

The following software provides support for SCEP:

References

  1. US-CERT Vulnerability Note: Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
  2. Simple Certificate Enrollment Protocol Internet-Draft