[Openswan Users] CA server issue with cisco
Ming-Ching Tiew
mctiew at yahoo.com
Wed May 21 01:53:38 EDT 2008
--- On Tue, 5/20/08, Ming-Ching Tiew <mctiew at yahoo.com> wrote:
> From: Ming-Ching Tiew <mctiew at yahoo.com>
> Subject: Re: [Openswan Users] CA server issue with cisco
> To: users at openswan.org
> Date: Tuesday, May 20, 2008, 10:56 PM
> --- On Tue, 5/20/08, Paul Wouters <paul at xelerance.com>
> wrote:
>
> > From: Paul Wouters <paul at xelerance.com>
> > Subject: Re: [Openswan Users] CA server issue with
> cisco
> > To: "Ming-Ching Tiew"
> <mctiew at yahoo.com>
> > Cc: users at openswan.org
> > Date: Tuesday, May 20, 2008, 7:23 PM
> > On Tue, 20 May 2008, Ming-Ching Tiew wrote:
> >
> > > > Is it using OCSP? There is support for that.
> > > >
> > >
> > > Thanks for the information. I did some checking
> on
> > OCSP. It seems that OCSP has more to do with
> certificate
> > status, while I am have seen here, is more of a
> certificate
> > management stuff but perform over http.
> > >
> > > On checking, I found something on SCEP and an
> > implementation called OpenSCEP. I will verify to see
> if the
> > OpenSCEP will meet this ( because the doc I have on
> the
> > Cisco IPSEC does not specifically mention the word
> SCEP, it
> > just say ca enrolment using http ).
> >
I am almost 100% sure SCEP is what I need now. But unfortunately OpenSCEP is something very very old, and it won't compile on today's library now. My next possibility is OpenCA, it seems to support SCEP too.
Sorry this is kind of off-topic to OpenSwan, however, I still feel that it's related to openswan. Would appreciate if anyone has additional info on this. I am going to try out OpenCA later.
Cheers.
More information about the Users
mailing list