[Pki-users] SCEP Support
Nathan Kinder
nkinder at redhat.com
Thu Feb 28 16:11:16 UTC 2013
On 02/27/2013 10:56 PM, Elliott William C OSS sIT wrote:
> Hello,
>
> We currently use SCEP for Cisco Routers with a RedHat CS.
> However as far as we can tell, "CA Key Rollover" is not implemented. Furthermore, we can't find any indication that it's implemented in in Dogtag 9 or 10.
>
> Could anyone confirm this?
> Does anyone work around this problem?
>
> As far as we can see, few or no CA SW supports this, aside from the IOS CA from Cisco. The SCEP RFC says that the other two PKIX standards for certificate management are superior to SCEP, which has deficiencies, and is quasi-deprecated. Therefore my assumption is, that no one (other than cisco) plans to invest any effort in expanding SCEP support in Dogtag or any other opensource CA software.
We are actually planning on going through our existing SCEP
functionality to see what else from the Internet Draft should be
implemented in Dogtag 10.1. In addition, we have a few smaller tickets
related to SCEP in our Trac instance that we plan to look at (details at
https://fedorahosted.org/pki/).
We are not sure that we will be targeting "CA Key Rollover" specifically
any time soon, as we want to see if there are more common SCEP use cases
that should be targeted first. Is it specifically "CA Key Rollover" you
are interested in using, or is there anything else from the SCEP
Internet Draft that you have a use case for as well?
Thanks,
-NGK
>
> Best regards,
> William Elliott
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list