SCEP certificate authorization sequence

I am trying to configure a PLC to perform a certification with a CA server but have been unsuccessful so far. Instead of getting into my specific configuration, could anyone provide a sample SCEP sequence of a successful session between client/server which does not use SSL? I know there are a lot of details that I just glossed over but I'm just trying to determine each step in a given simple sequence for a properly working system, so I can see where my setup "goes off the rails". Thanks!

npmilani
asked 2019-05-06 20:37:19 +0000

1 Answer

Here is the startup sequence of an IP phone getting a new CA and performing SCEP to get a new certificate signed by the new CA:

GET /---settings---.txt HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---logo---.jpg HTTP/1.1 
HTTP/1.1 200 OK  (JPEG JFIF image)
GET /---old-root-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---old-issuing-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---new-issuing-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /---new-root-ca---.pem HTTP/1.1 
HTTP/1.1 200 OK  (text/plain)
GET /certsrv/mscep/mscep.dll?operation=GetCACert&message=CAIdentifier HTTP/1.0 
HTTP/1.1 200 OK  (application/x-x509-ca-ra-cert)
GET /certsrv/mscep/mscep.dll?operation=PKIOperation&message=---base64-data--- HTTP/1.0
HTTP/1.1 200 OK  (application/x-pki-message)

This overview has been scrubbed and I can't share more details as the trace contains customer data. But I hope this helps...

SYN-bit
answered 2019-05-06 23:01:29 +0000

Comments

Yes it does - thanks SYN-bit!

npmilani (2019-05-07 04:36:08 +0000)
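An added example, not part of the answer above and not Wireshark code: a Python check that walks a request/response summary in the layout SYN-bit posted and reports where a SCEP exchange departs from the GetCACert-then-PKIOperation order and the response content types shown there. The function name, the sample trace and the GetCACaps entry are assumptions of this example; the content types are those defined for SCEP in RFC 8894.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Response content types a SCEP server returns per operation (RFC 8894).
EXPECTED = {
    "GetCACaps": {"text/plain"},
    "GetCACert": {"application/x-x509-ca-cert", "application/x-x509-ca-ra-cert"},
    "PKIOperation": {"application/x-pki-message"},
}

# Constructed sample in the same scrubbed layout as the answer; the last
# response is deliberately wrong (an HTML error page instead of a pkiMessage).
SAMPLE = """\
GET /certsrv/mscep/mscep.dll?operation=GetCACert&message=CAIdentifier HTTP/1.0
HTTP/1.1 200 OK  (application/x-x509-ca-ra-cert)
GET /certsrv/mscep/mscep.dll?operation=PKIOperation&message=---base64-data--- HTTP/1.0
HTTP/1.1 200 OK  (text/html)
"""

REQ = re.compile(r"^(GET|POST) (\S+) HTTP/\d\.\d\s*$")
RESP = re.compile(r"^HTTP/\d\.\d (\d{3}) [^(]*(?:\(([^)]*)\))?\s*$")

def check_scep_sequence(trace):
    """Return a list of findings; an empty list means the exchange looks sane."""
    findings, seen, pending = [], [], None
    for line in trace.splitlines():
        req, resp = REQ.match(line), RESP.match(line)
        if req:
            query = parse_qs(urlsplit(req.group(2)).query)
            op = query.get("operation", [None])[0]
            pending = op if op in EXPECTED else None  # skip non-SCEP fetches
            if pending == "PKIOperation" and "GetCACert" not in seen:
                findings.append("PKIOperation sent before GetCACert in this trace")
            if pending:
                seen.append(pending)
        elif resp and pending:
            status, ctype = resp.group(1), (resp.group(2) or "").lower()
            if status != "200":
                findings.append(f"{pending}: HTTP status {status}")
            elif ctype not in EXPECTED[pending]:
                findings.append(f"{pending}: unexpected content type {ctype!r}")
            pending = None
    if "PKIOperation" not in seen:
        findings.append("no PKIOperation request seen (enrollment never started)")
    return findings

if __name__ == "__main__":
    print(check_scep_sequence(SAMPLE))
```

An HTTP 200 with `application/x-pki-message` only shows that the server answered with a SCEP message; the pkiStatus inside it can still be FAILURE or PENDING, which takes decoding the response body to see.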
