
by Christian T. Drieling – 4. August 2017

Customers often ask why SCEP runs over plain HTTP and not HTTPS, assuming that HTTP must be insecure. The short answer is that SCEP does not rely on the transport for its security: the request and the response are themselves signed and encrypted PKCS#7 (CMS) containers. Here is how the process works:

Process of getting a SCEP certificate issued

1. Client asks the CA for the public certificate of the CA (GetCACert). This answer is neither signed nor encrypted.

2. Client compares the received CA certificate with the fingerprint delivered by its configuration. This is the trust anchor of the whole exchange: without this check, anyone on the path could hand the client his own CA certificate and would then be able to decrypt everything the client sends in step 3.

3. Client requests its certificate over HTTP as a Base64-encoded, signed package (PKCSReq) that contains the following data:

a) Signature

b) Client certificate used for signing (a self-signed certificate for a first enrollment, the existing certificate for a renewal)

c) Signed, but not encrypted, data (PKCS#7 SignedData) wrapping the following:

I. List of recipients and, per recipient, the content-encryption key encrypted with that recipient's public key (the CA is the recipient)

II. Encrypted data: the PKCS#10 certificate request, which contains

                • Subject name
                • Public key of the client
                • Challenge password
                • Requested extensions
                • Signature algorithm
                • Digital signature (made with the private key belonging to the public key above, so the CA knows the client actually holds it)

If the request was successful, the CA sends the following data (CertRep) over HTTP back to the client:

1. Version

2. Digest algorithm

3. CA certificate (the signer of the response)

4. Digital signature

5. Signed, but not encrypted, data wrapping the following:

a) Version

b) List of recipients (the client, addressed through the certificate it signed the request with, so only the holder of the client's private key can open it)

c) Encrypted data, which contains

            • Issued X.509 certificate

So all security-relevant information (the challenge password, the requested subject and extensions, and the issued certificate) is wrapped into encrypted containers; what an observer on the wire sees are the signing certificates and signatures over encrypted blobs. The client checks that the response was signed by the CA certificate it verified in step 2, and the client's private key never leaves the device. HTTPS can be put in front of a SCEP server, but the security of the enrollment rests on the fingerprint check, not on the transport.

By Udo Jetschmanegg

