This module implements a Simple Certificate Enrollment Protocol endpoint that is capable of signing and issuing certificates on behalf of a suitable client.
Based on configuration, parameters can be passed from the incoming certificate sign request embedded within the SCEP request, or explicit expressions, and a new certificate sign request with acceptable parameters is passed to suitably configured backend modules for request authorisation, certificate signing and issuing, and certificate storage.
The following SCEP operations are supported:
|GetCACaps||SCEP CA capabilities.|
|GetCACert||Return the CA certificate and RA certificate for this CA.|
|GetNextCACert||Return the next CA certificate that will be used for future signing.|
|PKIOperation PKCSReq||Request a certificate via a certificate sign request.|
|PKIOperation CertPoll (GetCertInitial)||Poll for a certificate that was previously requested.|
|PKIOperation GetCert||Request a copy of a previously issued certificate.|
This module can be configured to respond to SCEP client requests as implemented by iOS and MacOS.