So, am I right that OpenSSL has the means to make these PKCS7 files and the only new code development would be a network program to open connections and send and receive the appropriate stuff?
I wonder if some of the code could be cribbed fro some of those projects. Are any of them open source :-)
If somebody else is actively working on this, please warn me off...
Jon Barber wrote:
Charles B Cranston wrote:
SCEP is a standard proposed by Cisco (Simple Certificate Enrollment Protocol) see http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htmSorry for my ignorance, could you post a reference to SCEP? What would it take to manhandle a standard certificate into this format? Or is it a lot more difficult than that?
It basically uses PKCS7 to exchange requests, CRLs, certs etc between the CA / RA and an endpoint. You can't do it manually (at least not easily). There are quite a few examples on the Cisco site, just look at using IPSec VPN on PIX examples.
The projects I looked at that have SCEP are openca, ejbca and openscep. I also looked at Sun Certificate Server (now discontinued) and ended up using Microsoft Certificate Services on Win2000. RSA Keon CA supports SCEP, but I'm not rich enough to buy it.
Google is your friend.
Yeah, luckily SCEP got me to Simple Certificate Enrollment Protocol and that got me to the PDF version of the HTML file mentioned above, which I'm now going to fetch from the printer...
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
