Ask Your Question
0

SCEP certificate authorization sequence

asked 2019-05-06 20:37:19 +0000

I am trying to configured a PLC to perform a certification with a CA server but unsuccessful so far. Instead of getting into my specific configuration, could anyone provide a sample SCEP sequence of a successful session between client/server which does not use SSL? I know there are a lot of details that I just glossed over but I'm just trying to determine each step in a given simple sequence for a properly working system, so I can see where my setup "goes off the rails". Thanks!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-05-06 23:01:29 +0000

SYN-bit gravatar image

Here is the startup sequence of an IP phone getting a new CA and performing SCEP to get a new certficate signed by the new CA:

GET /---settings---.txt HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---logo---.jpg HTTP/1.1 
HTTP/1.1 200 OK  (JPEG JFIF image)
GET /---old-root-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---old-issuing-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---new-issuing-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---new-root-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /certsrv/mscep/mscep.dll?operation=GetCACert&message=CAIdentifier HTTP/1.0 
HTTP/1.1 200 OK  (application/x-x509-ca-ra-cert)
GET /certsrv/mscep/mscep.dll?operation=PKIOperation&message=---base64-data--- HTTP/1.0
HTTP/1.1 200 OK  (application/x-pki-message)

This overview has been scrubbed and I can't share more details as the trace contains customer data. But I hope this helps...

edit flag offensive delete link more

Comments

Yes it does - thanks SYN-bit!

npmilani gravatar imagenpmilani ( 2019-05-07 04:36:08 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-05-06 20:37:19 +0000

Seen: 774 times

Last updated: May 06 '19