[strongSwan] scepclient and EC pubkey support
Christian Salway
christian.salway at naimuri.com
Thu Jun 14 20:07:51 CEST 2018
What about Vault [1]?
[1] https://www.vaultproject.io/ <https://www.vaultproject.io/>
> On 14 Jun 2018, at 16:31, Markus P. Beckhaus <markus at beckhaus.com> wrote:
>
> Tobias, Jason,
>
>
>
> thanks for your fast reply and precise explanation. Unfortunately, AD CS does not provide CMP or EST and given that SCEP originally only supported RSA I doubt that the AD CS NDES (SCEP) supports ECDSA anyway.
>
>
>
> We will have to look for a different way to mass deploy (and renew) certificates, maybe the AD CS Certificate Enrollment Webservices.
>
>
>
> Best Regards
>
>
>
> Markus
>
>
>
>
>
> Am 13.06.18, 17:03 schrieb "Users im Auftrag von Tobias Brunner" <users-bounces at lists.strongswan.org im Auftrag von tobias at strongswan.org>:
>
>
>
> Hi,
>
>
>
>> The SCEP protocol doesn't support elliptic curve algorithms — It's RSA-only.
>
>
>
> Just for reference, SCEP, as defined in the latest version of the draft,
>
> doesn't seem have that limitation anymore [1]. (strongSwan's scepclient
>
> is, of course, based on version 11 of the old draft, so...)
>
>
>
> Regards,
>
> Tobias
>
>
>
> [1] https://tools.ietf.org/html/draft-gutmann-scep-10#section-3.1
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180614/40011e4e/attachment.html>
More information about the Users
mailing list