Simple Certificate Enrollment Protocol (SCEP) is an Internet Draft in the Internet Engineering Task Force (IETF). The protocol is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users, and it is referenced in other industry standards.

The protocol is designed to make the issuing of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large-scale deployments.

SCEP is the most popular, widely available and most tested certificate enrollment protocol. Although it is widely used, for example by the iOS operating system, concerns have been raised that it is not able to "strongly authenticate certificate requests made by users or devices" (US-CERT Vulnerability Note: Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests). Since exactly the same issues apply to other certificate issue protocols such as Certificate Management Protocol and Certificate Management over CMS, it is not clear how real this concern is.

After being effectively abandoned by its original sponsors around 2010, the Internet Draft describing the protocol (Simple Certificate Enrollment Protocol, Internet-Draft) was revived in 2015 due to its widespread use in industry and in other standards. The revival updated the algorithms used and corrected numerous issues in the original specification, which had accumulated a considerable amount of detritus over time.
==Implementations==
The following software provides support for SCEP:
* Meraki (Certificate Management)
* Ascertia (Certificate Registration, Revocation & Recovery)
* Nexus Certificate Manager
* cryptlib (C)
* Network Device Enrollment Service (Windows Server 2008 - Windows Server 2012)
* OpenCA (Perl)
* OpenSCEP (Perl)
* jscep (Java)
* EJBCA (Java Enterprise Edition)
* OpenTrust PKI (Perl)
* Dogtag
* wolfSSL (CyaSSL)
* Mikrotik (part of RouterOS)
* sscep
* XiPKI (Java), open source CA and OCSP responder, SCEP server and client (with support of the latest SCEP specification draft-gutmann-scep-00), OSGi-based.

Excerpt source: Wikipedia, the free encyclopedia