Tobias, Jason,
thanks for your fast reply and precise explanation. Unfortunately, AD CS does
not provide CMP or EST and given that SCEP originally only supported RSA I
doubt that the AD CS NDES (SCEP) supports ECDSA anyway.
We will have to look for a different way to mass deploy (and renew)
certificates, maybe the AD CS Certificate Enrollment Webservices.
Best Regards
Markus
Am 13.06.18, 17:03 schrieb "Users im Auftrag von Tobias Brunner"
<users-boun...@lists.strongswan.org im Auftrag von tob...@strongswan.org>:
Hi,
> The SCEP protocol doesn't support elliptic curve algorithms — It's
RSA-only.
Just for reference, SCEP, as defined in the latest version of the draft,
doesn't seem have that limitation anymore [1]. (strongSwan's scepclient
is, of course, based on version 11 of the old draft, so...)
Regards,
Tobias
[1] https://tools.ietf.org/html/draft-gutmann-scep-10#section-3.1
smime.p7s
Description: S/MIME cryptographic signature
