[strongSwan] scepclient and EC pubkey support
Markus P. Beckhaus
markus at beckhaus.com
Thu Jun 14 17:31:13 CEST 2018
Tobias, Jason,
thanks for your fast reply and precise explanation. Unfortunately, AD CS does not provide CMP or EST and given that SCEP originally only supported RSA I doubt that the AD CS NDES (SCEP) supports ECDSA anyway.
We will have to look for a different way to mass deploy (and renew) certificates, maybe the AD CS Certificate Enrollment Webservices.
Best Regards
Markus
Am 13.06.18, 17:03 schrieb "Users im Auftrag von Tobias Brunner" <users-bounces at lists.strongswan.org im Auftrag von tobias at strongswan.org>:
Hi,
> The SCEP protocol doesn't support elliptic curve algorithms — It's RSA-only.
Just for reference, SCEP, as defined in the latest version of the draft,
doesn't seem have that limitation anymore [1]. (strongSwan's scepclient
is, of course, based on version 11 of the old draft, so...)
Regards,
Tobias
[1] https://tools.ietf.org/html/draft-gutmann-scep-10#section-3.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2006 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180614/417060f0/attachment.bin>
More information about the Users
mailing list