Certificate enrollment via SCEP protocol

As part of Trust Protection Platform, the VEDSCEP application server manages certificate signing requests (CSR) and renewals for Simple Certificate Enrollment Protocol (SCEP) certificates. SCEP certificates protect network mobile devices that are SCEP-enabled.

An external SCEP client, such as a network device or testing tool like SSCEP, can perform the following functions: 

  • Initiate a certificate enrollment.

    The VEDSCEP server accepts a PKCS #10 certificate signing request (CSR).

  • Request a certificate renewal.

    The renewal requests are signed by prior (expiring) certificate.

  • Retrieve a CA and RA certificate from the VEDSCEP server.

For example, a SCEP client initiates enrollment requests to the VEDSCEP server. VEDSCEP creates certificate objects in Trust Protection Platform and marks them to be worked on by the system. The VEDSCEP server acts as an intermediary registration authority (RA) to the CA that signs certificates. The signed and encrypted format is PKCS #7.

Trust Protection Platform manages requests based on one or more CA templates. The CA must support CSR requests that do not need prior authorization.

TIP  To browse topics in this section, use the menu on the left side of this page.