Does anyone know what ciphers SCEP supports from Cisco ISR routers? I know it uses PKCS#7 for securing the PKCS#10 messages but am not sure if when used from a Cisco ISR Router you can stipulate which cipher & key length to use for encryption of of the PKCS#7 envelope. Ideally we want to be able to use Triple-DES. Can anyone shed any light on this?
Thanks for the response ebreniz. It is the security of the initial enrolment request and any revocation requests that I am concerned with rather than the issuing of the certificate itself. If a party could capture an initial request and prevent it reaching the destination CA then they could attack the symmetric encyption and if weak enough discover the shared secret. This could potentially allow them to then generate their own request (with their own locally generated public/private keys) and then impersonate the genuine router. This could result in access being gained to an IPSEC network by the malicious party. I realise their are other mitigating factors such as setting a lifetime/expiration period on the shared secret but ideally want to ensure a strong cipher if used to protect the shared secret in the first place. Do you know if it is possible to use Triple-DES or AES for the encryption used by PKCS#7 in the SCEP certificate enrolment request?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...