honzeland

Recording bits and pieces...

SCEP (Simple Certificate Enrollment Protocol)

1. RFC documents

2. SCEP operations
  • PKIOperation:      
    • Certificate Enrollment - request: PKCSReq, response: PENDING, FAILURE, SUCCESS
    • Poll for Requester Initial Certificate - request: GetCertInitial, response: same as for PKCSReq
    • Certificate Access - request: GetCert, response: SUCCESS, FAILURE
    • CRL Access - request: GetCRL, response: raw DER encoded CRL
  • Non-PKIOperation: cleartext HTTP GET
    • Get Certificate Authority Certificate - GetCACert, GetNextCACert, GetCACaps
    • Get Certificate Authority Certificate Chain - GetCACertChain
3. Request message formats for PKIOperation
  • Common fields in all PKIOperation messages:
    • senderNonce
    • transactionID
    • the SCEP message being transported (see SCEP messages below) -> encrypted using the public key of the recipient (Enveloped-data)
      -> signed using one of two certificates (Signed-data): the requester can generate a self-signed certificate or,
      if the RA/CA supports the RENEWAL option, use a previously issued certificate.
  • SCEP messages:
    • PKCSReq: PKCS#10
    • GetCertInitial: the messages sent by old versions of SCEP clients, such as Sscep, AutoSscep, and Openscep, differ from draft-18
             issuerAndSubject ::= SEQUENCE {
                  issuer Name,
                  subject Name
             }
    • GetCert: an ASN.1 IssuerAndSerialNumber type, as specified in PKCS#7 Section 6.7
    • GetCRL: an ASN.1 IssuerAndSerialNumber type, as defined in PKCS#7 Section 6.7
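The enrollment and polling flow from section 2, combined with the senderNonce and transactionID fields from section 3, as an added example that is not part of the original post. It assumes the Signed-data signature and Enveloped-data decryption have already been done; the numeric messageType and pkiStatus codes and the recipientNonce attribute come from the SCEP specification rather than from this page, and `Attrs`, `send` and `make_fake_ca` are hypothetical names with a constructed stand-in for the RA/CA.

```python
import os
from dataclasses import dataclass

# messageType and pkiStatus values as defined by the SCEP specification
PKCS_REQ, GET_CERT_INITIAL, CERT_REP = "19", "20", "3"
SUCCESS, FAILURE, PENDING = "0", "2", "3"

@dataclass
class Attrs:
    """Signed attributes of one message, after signature verification."""
    message_type: str
    transaction_id: str
    sender_nonce: bytes
    recipient_nonce: bytes = b""   # set by the RA/CA in responses
    pki_status: str = ""           # set by the RA/CA in responses

def new_request(message_type, transaction_id):
    # Fresh 16-byte senderNonce per message; transactionID stays fixed.
    return Attrs(message_type, transaction_id, os.urandom(16))

def check_response(req, resp):
    """Return pkiStatus if resp answers req; raise ValueError otherwise."""
    if resp.message_type != CERT_REP:
        raise ValueError("not a CertRep")
    if resp.transaction_id != req.transaction_id:
        raise ValueError("transactionID mismatch")
    if resp.recipient_nonce != req.sender_nonce:
        raise ValueError("nonce mismatch: stale or replayed response")
    if resp.pki_status not in (SUCCESS, FAILURE, PENDING):
        raise ValueError("unknown pkiStatus")
    return resp.pki_status

def enroll(send, transaction_id, max_polls=5):
    """PKCSReq, then GetCertInitial while the answer is PENDING."""
    req = new_request(PKCS_REQ, transaction_id)
    status, polls = check_response(req, send(req)), 0
    while status == PENDING and polls < max_polls:
        req = new_request(GET_CERT_INITIAL, transaction_id)
        status, polls = check_response(req, send(req)), polls + 1
    return status, polls

def make_fake_ca(pending_rounds):
    """Constructed stand-in for an RA/CA: PENDING n times, then SUCCESS."""
    left = [pending_rounds]
    def send(req):
        status = PENDING if left[0] > 0 else SUCCESS
        left[0] -= 1
        return Attrs(CERT_REP, req.transaction_id, os.urandom(16),
                     req.sender_nonce, status)
    return send
```
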

posted on 2009-02-17 14:18 honzeland

Comments

# re: SCEP(Simple Certificate Enrollment Protocol) 2009-02-18 14:02 Fingki.li

It's been a long time since I last saw a post from you, haha

# re: SCEP(Simple Certificate Enrollment Protocol) 2009-02-18 17:51 honzeland

I'll be posting more frequently from now on

