Thanks for the info. We've looked at OpenCA but it utilizes openssl so I figured it would be possible to do some command-line testing. I think OpenSCEP is dead from what I gleaned... hasn't been updated in quite a while anyway last time I looked. I've looked over OpenCA and I must say, the docs are incomplete and SCEP isn't promised until 0.9.2. Its frustrating. Seems like someone would be "famous" if they provided a good open-source solution. Thanks again.
In message <[EMAIL PROTECTED]>, Jon Barber writes: >Sly Upah wrote: > >>Is anyone using openssl with Cisco VPN gadgets? I could use some instructions >>(anything on the web?) with the steps involved in setting up our own CA to >>test the possibilty of this. I have setup a self-signed root CA. But, what to >>do next is a little unclear. Cisco's use of the term "identity certificate" >>has me perplexed at the moment. We just want to simply do a manual test of >>the certificates involved before we get too deep in this. We're hoping we >>don't have to use Thawte, Entrust, etc. as that will quickly become too expensive for >>our univeristy. Thanks. >> >> >> >You need a CA with support for SCEP. These aren't that widespread. We >ended up using Microsoft Certificate Services on a Win 2000 server, >although OpenCA is looking promising. There is also OpenSCEP, which I >don't know if it is still being supported. Please let me know if you >find a decent & inexpensive CA that can do all this. > >There's plenty of examples on Ciscos web site. > >Regards, > >Jon. > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]