{"id":44,"date":"2017-08-04T13:14:36","date_gmt":"2017-08-04T12:14:36","guid":{"rendered":"https:\/\/igelize.it\/?p=44"},"modified":"2022-05-02T10:19:34","modified_gmt":"2022-05-02T09:19:34","slug":"why-dont-we-need-to-do-scep-with-ssl","status":"publish","type":"post","link":"https:\/\/igelize.it\/index.php\/2017\/08\/04\/why-dont-we-need-to-do-scep-with-ssl\/","title":{"rendered":"Why don\u2019t we need to do SCEP with SSL?"},"content":{"rendered":"<div class=\"page\" title=\"Page 2\">\n<div class=\"section\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>by Christian T. Drieling \u2013 4. August 2017<\/p>\n<p>Customers often ask why SCEP is done over HTTP and not HTTPS, because they think it is insecure, so let me explain how the process works:<\/p>\n<p>Process of getting a successful SCEP Certificate<\/p>\n<p style=\"padding-left: 40px;\">1. Client asks the CA for the Public Certificate of the CA<br \/>\n2. Client compares the CA Certificate with the Fingerprint (delivered by config)<br \/>\n3. Client requests its certificate over HTTP with a Base64-encoded and signed package, including the following data:<\/p>\n<p style=\"padding-left: 80px;\">a) Signature<br \/>\nb) Client Certificate<br \/>\nc) Signed and unencrypted data (PKCS7) \u2013 including the following data:<\/p>\n<p style=\"padding-left: 120px;\">I. List of Recipients and, per recipient, the encrypted Encryption Key (the CA is the Recipient)<\/p>\n<p style=\"padding-left: 120px;\">II. 
Encrypted Data (PKCS10)<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Subject Name<\/li>\n<li>Public Key of Client<\/li>\n<li>Challenge password<\/li>\n<li>Requested Extensions<\/li>\n<li>Signature Algorithm<\/li>\n<li>Digital Signature<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>If the request was successful, the CA will send the following data over HTTP to the Client:<\/p>\n<ol>\n<li>Version<\/li>\n<li>Hashing Algorithm<\/li>\n<li>CA Certificate<\/li>\n<li>Digital Signature<\/li>\n<li>Signed and unencrypted data \u2013 including the following data:<\/li>\n<\/ol>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Version<\/li>\n<li>List of Recipients<\/li>\n<li>Encrypted Data \u2013 including the following data:\n<ul>\n<li>Issued x.509 Certificate<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"page\" title=\"Page 3\">\n<div class=\"section\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>So you can see, all security-relevant information is wrapped into encrypted containers.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>by Christian T. Drieling \u2013 4. August 2017 Customers often ask why SCEP is done over HTTP and not HTTPS, because they think it is insecure, so let me explain how the process works: Process of getting a successful SCEP Certificate 1. Client asks the CA for the Public Certificate of the CA 2. 
Client [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":49,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[16,17,18],"class_list":["post-44","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-certificate","category-security","tag-certificate","tag-scep","tag-ssl"]}