=>From: [EMAIL PROTECTED]
=>...
=>Has anyone done any SCEP work with OpenSSL? I need to receive a
=>PKCS#10 certificate request from a client and use SCEP to get a
=>certificate from a CA. I've got some of the work done, but I guess
=>there's no need to reinvent the wheel if there's open source stuff
=>available.
Popular subject these days! I've been able to unbundle a PKCS10
certificate request as sent by a Cisco PIX firewall, but I have not
yet been able to generate the appropriate replies.
To unpack the request, take the "message" parameter that is sent in
the URL query string, BASE64-decode it, and pipe it to "openssl pkcs7
-inform der -print_certs". This will print out the certificate
request, which you can sign using normal procedure.
As I said, I still haven't figured out how to generate the replies,
but I believe that you can BASE64-encode the resulting certificate
and type it in directly to a Cisco router (but alas, I don't think
this works with the PIX).
d.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
