Tobias, Jason,
thanks for your fast reply and precise explanation. Unfortunately, AD CS does not provide CMP or EST and given that SCEP originally only supported RSA I doubt that the AD CS NDES (SCEP) supports ECDSA anyway. We will have to look for a different way to mass deploy (and renew) certificates, maybe the AD CS Certificate Enrollment Webservices. Best Regards Markus Am 13.06.18, 17:03 schrieb "Users im Auftrag von Tobias Brunner" <users-boun...@lists.strongswan.org im Auftrag von tob...@strongswan.org>: Hi, > The SCEP protocol doesn't support elliptic curve algorithms — It's RSA-only. Just for reference, SCEP, as defined in the latest version of the draft, doesn't seem have that limitation anymore [1]. (strongSwan's scepclient is, of course, based on version 11 of the old draft, so...) Regards, Tobias [1] https://tools.ietf.org/html/draft-gutmann-scep-10#section-3.1
smime.p7s
Description: S/MIME cryptographic signature