On August 6, the Internet2 wiki will transition to spaces.at.internet2.edu. There will be an edit freeze on this space as of August 3 at 5 p.m (EDT).

Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
h2. Simple Certificate Enrollment Protocol

The _Simple Certificate Enrollment Protocol_ (SCEP, rhymes with “step”) is an X.509 certificate enrollment protocol that uses PKCS#7 and PKCS#10 over HTTP.

* http://en.wikipedia.org/wiki/Simple_Certificate_Enrollment_Protocol
* http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htm
* http://tools.ietf.org/id/draft-nourse-scep-21.txt

Apple uses SCEP for "over the air" certificate enrollment on the iPhone:

* http://images.apple.com/iphone/business/docs/iPhone_MDM.pdf
* http://images.apple.com/iphone/business/docs/iPhone_OTA_Enrollment_Configuration.pdf
* http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

For more information about SCEP and the iPhone, perform this google search:

{pre}Simple Certificate Enrollment Protocol iphone site:apple.com{pre}

On the iPhone, the SCEP protocol is bootstrapped by typing a username/password into a Safari browser window (which immediately suggests that federated access may be possible).

An interesting application of SCEP:

* http://www.egeniq.com/2010/10/14/mobile-phones-for-two-factor-and-step-up-authentication/