SCEP (Simple Certificate Enrollment Protocol) is a public key infrastructure (PKI) protocol used by many manufacturers of network equipment and software who are developing simplified methods for requesting and obtaining certificates in large-scale deployments for ordinary users. SCEP is a project of an Internet Engineering Task Force (IETF) working group; it references many IETF specifications as well as other industry standards.
The protocol was originally developed by Cisco Systems [1] and then documented by the Internet Engineering Task Force (IETF) [2]. Its goal was to simplify the process of issuing X.509 digital certificates and make it as scalable as possible. Any network user should be able to request a digital certificate electronically as simply as possible. These processes usually required the intensive involvement of network administrators, so they were not suitable for large-scale deployments.
SCEP is by far the most popular, widely available, and trusted protocol for automated X.509 certificate enrollment. Although it has been in wide use for a long time (for example, in the Cisco IOS family of operating systems), concerns have been raised about how certificate requests made by users or devices are authenticated. Since the same kind of problem is being investigated in other certificate-issuing protocols, such as Certificate Management Protocol (CMP) and Certificate Management over CMS, it is not clear how real this problem is with regard to SCEP specifically.
After its authors abandoned it around 2010, the Internet-Draft describing the protocol was revived in 2015 because of its widespread use in industry and in other standards. The revived draft carries numerous updates to the algorithms used and fixes for the problems of the original specification, which had accumulated in significant numbers over time.
External links
- IETF Specification: [1]