SCEP for Windows 2008

Hubert Mayr-Kneilling · ‎02-18-2010

Hello,

customer is using a cisco-router to terminate VPN-Connections. The connections are verified using a CA-Server running Windows 2003 via SCEP.

Now customer is upgrading his server environment to Windows 2008. In a white-paper from Microsoft I found that SCEP is supported only withe Enterprise or DATA-Center Edition of Windows 2008.

Is it true, that customer needs an enterprise edition just to be able to communicate with his cisco-router?

Is there another implemenation, other than SCEP?

Any help and comments are welcome!

regards

Hubert

Ivan Martinon · ‎02-18-2010

SCEP is used to enroll certificates online, I believe it is also used to check CRL lists from the CA server, if your routers are constantly enrolling to this certificate server then you will need SCEP, on the other hand, certificate enrollment can be performed offline using manual enrollment. This will apply for any vpn client connecting to the router as well.

jimsiff · ‎02-21-2010

Unfortunately, the NDES service (SCEP) is only supported on Enterprise or Datacenter versions of WS 2008 or 2008 R2. There is an Open Source package called OpenCA which supports SCEP. It could be installed as an intermediate CA to the Microsoft Root CA to handle the SCEP enrollment requests.

http://www.openca.org/projects/openca/

Jim

aranyushkin · ‎12-13-2011

Hi guys!

Are there any other solutions to use Cisco-VPN+etokens without bying enterprise version of windows server? Has anyone tested cisco IOS CA + etokens? How to enroll certificates to eTokens from cisco CA? Any advices about that will be helpfull.

Thank you!