AutoSscep - Simple automatic certificate enroller
Copyright (c) Alberto Forino 2004. All rights reserved.
See the file COPYRIGHT for licensing information.
WHAT IS AUTOSSCEP?
AUTOSSCEP is an automatic X.509 certificate enroller based on SCEP (Simple Certificate Enrollment Protocol). It gives VPN users an easy way to maintain their certificates. It was developed in the S.P.E. laboratories, starting from the Sscep client by Jarkko Turkulainen, and is based on the OpenSSL toolkit library.
WHAT IS SCEP?
(from internet drafts)
SCEP (Simple Certificate Enrollment Protocol) is a PKI communication protocol which leverages existing technology by using PKCS#7 and PKCS#10. SCEP is the evolution of the enrollment protocol developed by Verisign, Inc. for Cisco Systems, Inc. It now enjoys wide support in both client and CA implementations.
HOW TO COMPILE
The program should be compiled on a Unix system with the OpenSSL libraries installed. To compile, run the make command in the sources directory:
$ make
HOW TO USE
To use AutoSscep you need a configuration file. Write it by following the HOWTOCONFIGURE manual. After that you can run AutoSscep by passing the configuration file as an argument:
$ autosscep myconf.conf
The version of AutoSscep can be displayed with the -version option:
$ autosscep -version
HOW DOES IT WORK
If you specify in the config file one (or more) existing certificate(s), AutoSscep checks the expiration date and re-enrolls if required. If you specify a non-existent certificate, AutoSscep requests it from the specified CA, creating a PKCS#10 certification request based on the data specified in the config file.
If the CA returns the enrolled certificate, AutoSscep writes it in the specified directory and renames the old certificate to [certname].old. Otherwise, if the CA returns a pending message, AutoSscep saves the transaction ID in the certs directory as [certname].pending; it will be used to resume the transaction. (To run AutoSscep successfully you need read/write permission on the certificates, CAs and keys directories.) Before starting a new SCEP transaction AutoSscep checks for the [certname].pending file. If the file exists, AutoSscep resumes the transaction with the identifier saved in the file.
If the CA returns an error status code, AutoSscep displays the error code and the error description (as given in the internet drafts) and then either exits or tries the next certificate transaction. At the end AutoSscep summarizes the situation, displaying the state of each certificate or the errors that occurred.
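The decision and file-handling cycle described above, as an added illustration in Python (not AutoSscep's own C code). The certificate name, the 7-day renewal window and the CA status strings are assumptions; the expiry date is passed in, where AutoSscep reads it from the X.509 file via OpenSSL.

```python
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

RENEW_WINDOW = timedelta(days=7)  # assumed: re-enroll when expiry is this close

def decide(cert_dir, certname, not_after, now=None):
    """Return the action for one configured certificate: resume, enroll, renew or ok.
    not_after is the certificate's expiry (None when the file does not exist);
    AutoSscep reads it from the x509 file itself, here it is passed in."""
    now = now or datetime.now(timezone.utc)
    if (cert_dir / f"{certname}.pending").exists():
        return "resume"  # a saved transaction ID always wins
    if not_after is None:
        return "enroll"  # build a PKCS#10 request from the config data
    if not_after - now <= RENEW_WINDOW:
        return "renew"
    return "ok"

def apply_response(cert_dir, certname, status, payload):
    """Update the certs directory from the CA reply (status strings assumed)."""
    cert = cert_dir / certname
    pending = cert_dir / f"{certname}.pending"
    if status == "SUCCESS":
        if cert.exists():
            cert.replace(cert_dir / f"{certname}.old")  # keep the previous cert
        cert.write_text(payload)  # payload: the PEM returned by the CA
        pending.unlink(missing_ok=True)  # transaction finished
        return "written"
    if status == "PENDING":
        pending.write_text(payload)  # payload: transaction ID to resume with
        return "pending"
    return f"failure: {payload}"  # payload: error code/description from the CA

def demo():
    """Walk one (constructed) certificate through the cycle, returning each outcome."""
    d, name = Path(tempfile.mkdtemp()), "vpn.pem"
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    steps = [decide(d, name, None, now)]  # no cert yet
    steps.append(apply_response(d, name, "PENDING", "TXID-0001"))
    steps.append(decide(d, name, None, now))  # .pending file found
    steps.append(apply_response(d, name, "SUCCESS", "PEM #1"))
    steps.append(decide(d, name, now + timedelta(days=30), now))
    steps.append(decide(d, name, now + timedelta(days=3), now))
    steps.append(apply_response(d, name, "SUCCESS", "PEM #2"))
    steps.append((d / f"{name}.old").read_text())  # old cert preserved
    steps.append(apply_response(d, name, "FAILURE", "badRequest"))
    return steps
```

Calling demo() works entirely in a temporary directory, so it can be run without touching a real certs directory.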
REFERENCES
SCEP specification:
http://www.ietf.org/internet-drafts/draft-nourse-scep-09.txt
OpenSSL library and program:
http://www.openssl.org
http://www.columbia.edu/~ariel/ssleay/
SScep program and source:
http://www.klake.org/~jt/sscep/
Understand PKI:
http://ospkibook.sourceforge.net/
Internet X.509 PKI Certificate and CRL Profile, RFC 2459:
http://www.ietf.org/rfc/rfc2459.txt?number=2459
S.P.E. Sistemi e Progetti Elettronici:
http://www.spe.net
TESTING
AutoSscep has been tested successfully with:
- OpenCA server
- Win2000 server CA + Microsoft SCEP module
- VeriSign Onsite
- SSH Certifier
