SCEP for Windows 2008

Unanswered Question
Feb 18th, 2010


customer is using a cisco-router to terminate VPN-Connections. The connections are verified using a CA-Server running Windows 2003 via SCEP.

Now customer is upgrading his server environment to Windows 2008. In a white-paper from Microsoft I found that SCEP is supported only withe Enterprise or DATA-Center Edition of Windows 2008.

Is it true, that customer needs an enterprise edition just to be able to communicate with his cisco-router?

Is there another implemenation, other than SCEP?

Any help and comments are welcome!



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Thu, 02/18/2010 - 09:07

SCEP is used to enroll certificates online, I believe it is also used to check CRL lists from the CA server, if your routers are constantly enrolling to this certificate server then you will need SCEP, on the other hand, certificate enrollment can be performed offline using manual enrollment. This will apply for any vpn client connecting to the router as well.

jimsiff Sun, 02/21/2010 - 02:44

Unfortunately, the NDES service (SCEP) is only supported on Enterprise or Datacenter versions of WS 2008 or 2008 R2.  There is an Open Source package called OpenCA which supports SCEP.  It could be installed as an intermediate CA to the Microsoft Root CA to handle the SCEP enrollment requests.


aranyushkin Tue, 12/13/2011 - 03:22

Hi guys!

Are there any other solutions to use Cisco-VPN+etokens without bying enterprise version of windows server? Has anyone tested cisco IOS CA + etokens? How to enroll certificates to eTokens from cisco CA? Any advices about that will be helpfull.

Thank you!


This Discussion