SCEP Protocol

SCEP Protocol: Certificate Enrollment and Capability Management

The Simple Certificate Enrollment Protocol (SCEP, RFC 8894) is a widely used protocol for automating certificate enrollment within a Public Key Infrastructure (PKI). A client (typically a network device or a managed endpoint) exchanges messages over HTTP with a Certificate Authority (CA), or with a Registration Authority (RA) acting on its behalf. The enrollment messages are PKCS#7 (CMS) signed and enveloped objects carrying a PKCS#10 certificate request, so the protocol provides its own message-level integrity and confidentiality and can be used to provision and renew device certificates without an existing trust relationship between client and CA.

Client-Server Communication

SCEP uses a client-server model over HTTP: the client initiates every exchange and the CA only responds. The client selects the operation with the operation query parameter of the request URL (GetCACaps, GetCACert, GetNextCACert, PKIOperation), and the server answers with a response whose Content-Type identifies what it carries. The simple lookups (GetCACaps, GetCACert) are plain HTTP GETs; PKIOperation carries a PKCS#7 pkiMessage, either base64-encoded in the message query parameter of a GET or, when the CA advertises the POSTPKIOperation capability, in the body of an HTTP POST. The server validates the message (signature, transactionID, authorization of the requester) and returns the matching response message.

SCEP Capabilities Supported by emCA

emCA supports the following SCEP capabilities:

  1. GET: Plain HTTP GET requests that retrieve information from the server, such as the CA certificate (GetCACert) or the list of supported capabilities (GetCACaps). A client should call GetCACaps before enrolling: the capability list tells it whether SHA-256/SHA-512, AES, renewal and POSTPKIOperation are available, and without it the protocol falls back to the legacy defaults (SHA-1 and DES), which a current deployment should refuse rather than silently accept.

  2. PKIOperation: A PKCS#7 (CMS) signed and enveloped pkiMessage whose messageType attribute selects the operation. The CA answers with a pkiStatus of SUCCESS, FAILURE or PENDING:

    • Enroll (PKCSReq): The client submits a PKCS#10 CSR, signed with the key being enrolled and encrypted to the CA/RA certificate obtained through GetCACert. The request is typically authorized by a challengePassword attribute in the CSR, or by an existing certificate in the renewal case. On SUCCESS the response carries the issued certificate; PENDING indicates the request awaits manual approval.

    • Cert-Poll (CertPoll): After a PENDING response the client periodically asks whether the certificate has been issued. The poll must reuse the transactionID of the original request so the CA can match it to the pending enrollment.

    • Revoke: The client requests the revocation of an existing certificate. Revocation is not part of the SCEP specification (RFC 8894 leaves it to CRLs and other mechanisms), so treat this as a product-specific operation that clients from other vendors may not support.

  3. SubCAcert: Clients can request the Sub-CA (issuing CA) certificate so that certificates it issues can be chained to a trusted root.

  4. GetCACert: Clients retrieve the CA certificate (and the RA certificate, if the CA uses one) needed to encrypt PKIOperation messages and to verify the signatures on responses. The response is either a single DER-encoded certificate (Content-Type application/x-x509-ca-cert) or a degenerate certs-only PKCS#7 containing the chain (application/x-x509-ca-ra-cert). Because this first contact is unauthenticated, the client must verify the returned CA certificate out of band, for example by comparing its fingerprint with a value provisioned by the administrator, before trusting anything it receives.
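The following Python helpers, added here as an illustration rather than taken from emCA, walk through the client side of the GET-style exchange described above: building the operation URL, parsing a GetCACaps response, choosing algorithms while refusing the legacy defaults, classifying the GetCACert response by Content-Type, and deriving a transactionID for the PKCSReq/CertPoll pair. The endpoint URL, the capability body and the public-key bytes are constructed sample inputs; deriving the transactionID as the SHA-256 of the DER public key is one common convention, not something the page or RFC 8894 mandates.

```python
"""Client-side helpers for the SCEP HTTP exchange (RFC 8894).

Added example, not emCA code. The endpoint URL, GetCACaps body and
public-key bytes used below are constructed sample inputs.
"""
import hashlib
from urllib.parse import urlencode

# messageType values carried inside the PKIOperation pkiMessage (RFC 8894, 3.2.1.2)
MESSAGE_TYPES = {"RenewalReq": 17, "PKCSReq": 19, "CertPoll": 20, "GetCert": 21, "GetCRL": 22}

# Capability keywords a CA may return from GetCACaps (RFC 8894, 3.5.2)
KNOWN_CAPS = {"AES", "DES3", "GetNextCACert", "POSTPKIOperation", "Renewal",
              "SHA-1", "SHA-256", "SHA-512", "SCEPStandard"}


def scep_get_url(base_url: str, operation: str, message: str = "") -> str:
    """Build the URL for a GET-style operation (GetCACaps, GetCACert, GetNextCACert).

    The operation is selected by the 'operation' query parameter; the optional
    'message' parameter may carry a CA identifier.
    """
    params = {"operation": operation}
    if message:
        params["message"] = message
    return f"{base_url}?{urlencode(params)}"


def parse_ca_caps(body: str) -> set:
    """GetCACaps returns text/plain with one capability keyword per line."""
    caps = {line.strip() for line in body.splitlines() if line.strip()}
    return caps & KNOWN_CAPS  # ignore keywords this client does not understand


def negotiate(caps: set) -> dict:
    """Pick the strongest algorithms the CA advertises, refusing the legacy defaults.

    When SHA-2 or AES is not advertised, the specification's backward-compatible
    defaults are SHA-1 and DES. A hardened client treats that as a failure
    instead of downgrading.
    """
    if "SHA-512" in caps:
        digest = "sha512"
    elif "SHA-256" in caps:
        digest = "sha256"
    else:
        raise ValueError("CA offers no SHA-2 digest; refusing SHA-1 fallback")
    if "AES" not in caps:
        raise ValueError("CA offers no AES; refusing DES/3DES enveloping")
    return {
        "digest": digest,
        "cipher": "aes",
        "pki_operation_method": "POST" if "POSTPKIOperation" in caps else "GET",
        "renewal": "Renewal" in caps,
        "next_ca_cert": "GetNextCACert" in caps,
    }


def ca_cert_response_kind(content_type: str) -> str:
    """Classify a GetCACert response by its Content-Type (RFC 8894, 4.2.1.1)."""
    ct = content_type.split(";")[0].strip().lower()
    if ct == "application/x-x509-ca-cert":
        return "single-der-cert"      # only the CA certificate, DER encoded
    if ct == "application/x-x509-ca-ra-cert":
        return "pkcs7-certs-only"     # degenerate PKCS#7 carrying CA and RA certs
    raise ValueError(f"unexpected GetCACert content type: {content_type!r}")


def transaction_id(subject_public_key_der: bytes) -> str:
    """Derive the transactionID sent in PKCSReq and reused verbatim in CertPoll.

    RFC 8894 requires a unique transactionID and recommends deriving it from
    the enrolling public key; hex SHA-256 of the DER key is the convention
    assumed here.
    """
    return hashlib.sha256(subject_public_key_der).hexdigest().upper()


if __name__ == "__main__":
    BASE = "https://ca.example.test/scep"   # hypothetical SCEP endpoint
    # Constructed GetCACaps body in the text/plain shape a CA returns.
    sample_caps = "AES\nPOSTPKIOperation\nRenewal\nSHA-256\nSCEPStandard\n"
    print(scep_get_url(BASE, "GetCACaps"))
    print(negotiate(parse_ca_caps(sample_caps)))
    print(ca_cert_response_kind("application/x-x509-ca-ra-cert"))
    print(transaction_id(b"constructed-public-key-bytes"))
```

A client that receives a ValueError from negotiate should stop rather than enroll; the weak defaults exist only so that old devices keep working, and a CA that will not advertise SHA-2 and AES should be reconfigured instead of accommodated.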
