Simple Certificate Enrollment Protocol (SCEP)

Created
2020-03-25
Last Updated
2020-11-06
Available Formats

XML

HTML

Plain text

Registries included below

SCEP Message Types

Registration Procedure(s)
Specification Required
Expert(s)
Peter Gutmann
Reference
[RFC8894]
Available Formats

CSV
Value Name Description Reference
0 Reserved [RFC8894]
1-2 Unassigned
3 CertRep Response to certificate or CRL request. [RFC8894]
4-16 Unassigned
17 RenewalReq PKCS #10 certificate request authenticated with an existing certificate. [RFC8894]
18 Unassigned
19 PKCSReq PKCS #10 certificate request authenticated with a shared secret. [RFC8894]
20 CertPoll Certificate polling in manual enrolment. [RFC8894]
21 GetCert Retrieve a certificate. [RFC8894]
22 GetCRL Retrieve a CRL. [RFC8894]
23-255 Unassigned

SCEP CA Capabilities

Registration Procedure(s)
IETF Review
Reference
[RFC8894]
Available Formats

CSV
Keyword Description Reference
AES CA supports the AES128-CBC encryption algorithm. [RFC8894]
DES3 CA supports the triple DES-CBC encryption algorithm. [RFC8894]
GetNextCACert CA supports the GetNextCACert message. [RFC8894]
POSTPKIOperation CA supports PKIOPeration messages sent via HTTP POST. [RFC8894]
Renewal CA supports the Renewal CA operation. [RFC8894]
SHA-1 CA supports the SHA-1 hashing algorithm. [RFC8894]
SHA-256 CA supports the SHA-256 hashing algorithm. [RFC8894]
SHA-512 CA supports the SHA-512 hashing algorithm. [RFC8894]
SCEPStandard CA supports all mandatory-to-implement sections of the SCEP standard. This keyword implies "AES", "POSTPKIOperation", and "SHA-256", as well as the provisions of Section 2.9 of [RFC8894]. [RFC8894]