Hi, > The SCEP protocol doesn't support elliptic curve algorithms — It's RSA-only.
Just for reference, SCEP, as defined in the latest version of the draft, doesn't seem have that limitation anymore [1]. (strongSwan's scepclient is, of course, based on version 11 of the old draft, so...) Regards, Tobias [1] https://tools.ietf.org/html/draft-gutmann-scep-10#section-3.1