Java SCEP (Cisco Simple Certificate Enrollment Protocol) Client with experimental extensions

Java SCEP client is an open-source (GPL) implementation of a SCEP client in Java. It is used to distribute X.509 certificates. It fully supports SCEP as documented in the IETF draft draft-nourse-scep-05.txt.

SCEP, as officially proposed, only supports PKCS#10 certificate requests. As an experimental feature, to evaluate its consequences, we also support SPKAC certificate requests and requests made by proxies. The documentation contains (Appendix A) a proposal for the further extension of the SCEP protocol such that it supports SPKAC and proxies. Our motivation for the extension is web browsers.

Our client implementation includes an HTTP server which acts as a generic proxy for a SCEP server. This proxy server takes standard PKCS#10 and SPKAC requests from web browsers like Mozilla, Netscape or Internet Explorer, creates a SCEP key request and forwards it to a SCEP server. It then polls the SCEP server until the signed key is available. As soon as the key is available, the proxy requests it and distributes it back to the browser, which then automatically installs it as a valid certificate. The whole process is fully automated. The only manual interaction required is at the server side (SCEP server), to validate the request.

Currently only OpenSCEP version 0.4.2, as available from the OpenSCEP homepage (local mirror), supports this proprietary extension.

This implementation is the result of a research project conducted at the Department of Computer Science, University of Applied Sciences Rapperswil, Switzerland, during late 2001/early 2002.




Last updated: August 2005, UR.