> I understand that Cisco's Simple Certificate Enrolment Protocol can work either
> via LDAP or over HTTP. Has anyone successfully got this working with OpenCA, so
> that Cisco VPN routers can authenticate themselves against the CA? If so,
> please let me know if we can dialogue further on this issue.

no, the scep itself uses http as transportation layer, but an scep device should be able to fetch a crl via http or ldap or scep...
at the current cvs version there is nearly fully functional scep support available, so basically you have to do nothing other than giving the scep system a cert and a key (like apache ssl certs) - this is in the config.xml
after that it should work fully transparently - meaning: if a scep-enabled device or client sends a scep request, you will see it like any other request in the ra and then you just process it as usual
an issued cert will be automatically sent to the scep client when it requests it the next time (if it's available at the ra or the host you have put the scep interface on)
what i can confirm is that cisco-pix and cisco-vpn-client are working with it, and sscep, so the cisco vpn-router should work with it too ;o) just follow the instructions for your scep device
if you haven't changed the pre-installation values you can access the scep-interface through: http://host/cgi-bin/scep/scep
if you would like to test you can try here (it's openca with scep interface): i can also issue a testcert and you will see if the device accepts it ;o) (if i find your request...) use this url in your device: http://www.datenschleuder.org/pki/cgi-bin/ca-002/scep/scep and tell it it's an ra (at least on the pix you can say ca or ra; this is important for the device to use the right certs for encrypting requests)
this ra/ca is for testing at the moment - so you are invited to check your device. it would be nice if you could then say which one it is exactly, so we have a confirmation of interoperability...
if you have any further questions - just contact me, i will see if i can help...
greetings dalini
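
An added example, not part of the original post or of OpenCA: before setting a device to "ca" or "ra" mode, you can check how a SCEP endpoint presents itself from the Content-Type of its GetCACert response. The function names are hypothetical; the two content types are those defined for SCEP in RFC 8894, and the sample bodies are constructed DER prefixes, not real certificates.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit

# Content types defined by the SCEP specification (RFC 8894) for GetCACert.
CA_ONLY = "application/x-x509-ca-cert"       # one DER certificate: CA only
CA_AND_RA = "application/x-x509-ca-ra-cert"  # certs-only PKCS#7: CA plus RA cert(s)


def scep_url(base, operation, message=None):
    """Build a SCEP GET URL such as <base>?operation=GetCACert."""
    parts = urlsplit(base)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("SCEP runs over HTTP(S); got %r" % base)
    query = {"operation": operation}
    if message is not None:
        query["message"] = message
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


def classify_getcacert(content_type, body):
    """Return 'ca' or 'ra' for a GetCACert response, or raise ValueError."""
    media = content_type.split(";", 1)[0].strip().lower()
    # Both payloads are DER, so they start with an ASN.1 SEQUENCE tag (0x30).
    if not body or body[0] != 0x30:
        raise ValueError("body is not DER; endpoint may be returning an error page")
    if media == CA_ONLY:
        return "ca"
    if media == CA_AND_RA:
        return "ra"
    raise ValueError("unexpected Content-Type %r" % content_type)


def fetch_mode(base, timeout=10):
    """Live check (needs network): ask the endpoint how it presents itself."""
    from urllib.request import urlopen
    with urlopen(scep_url(base, "GetCACert"), timeout=timeout) as resp:
        return classify_getcacert(resp.headers.get("Content-Type", ""), resp.read())


if __name__ == "__main__":
    # Offline demonstration with the default path from the post and a
    # constructed response (truncated DER prefix, not a real certificate).
    print(scep_url("http://host/cgi-bin/scep/scep", "GetCACert"))
    print(classify_getcacert("application/x-x509-ca-ra-cert", b"\x30\x82\x05\x00"))
```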