 | 1 | initial version |
Here is the startup sequence of an IP phone getting a new CA and performing SCEP to get a new certficate signed by the new CA:
GET /---settings---.txt HTTP/1.1
HTTP/1.1 200 OK (text/plain)
GET /---logo---.jpg HTTP/1.1
HTTP/1.1 200 OK (JPEG JFIF image)
GET /---old-root-ca---.pem HTTP/1.1
HTTP/1.1 200 OK (text/plain)
GET /---old-issuing-ca---.pem HTTP/1.1
HTTP/1.1 200 OK (text/plain)
GET /---new-issuing-ca---.pem HTTP/1.1
HTTP/1.1 200 OK (text/plain)
GET /---new-root-ca---.pem HTTP/1.1
HTTP/1.1 200 OK (text/plain)
GET /certsrv/mscep/mscep.dll?operation=GetCACert&message=CAIdentifier HTTP/1.0
HTTP/1.1 200 OK (application/x-x509-ca-ra-cert)
GET /certsrv/mscep/mscep.dll?operation=PKIOperation&message=---base64-data--- HTTP/1.0
HTTP/1.1 200 OK (application/x-pki-message)
This overview has been scrubbed and I can't share more details as the trace contains customer data. But I hope this helps...
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.