Cisco and automatic renewal (signature with old certificate)
Hi,
I've been subscribed to this mailing list for about two years
now and haven't seen any traffic at all - let's see if someone
else is actually subscribed.
I am with the OpenXPKI project, we're building an open source PKI
which includes an SCEP server. I was wondering if it is possible
at all to use the automatic renewal (signature with the existing
certificate) feature which was introduced in later versions of
the draft (and is implemented for example in CertNanny, another
open source project) with Cisco routers? From the documentation,
I'd have guessed that this is what is used when the 'regenerate' option
is specified to generate a new key (it looks like if this is not
specified, the router uses the old key and in turn the old
transaction ID, which in our case leads to returning the old
certificate ...?), but it looks like the request is self-signed
with the new key ...
BTW, if anyone is interested in SCEP client testing against OpenXPKI,
I guess I could set up a public test SCEP server ...
Cheers,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer | a.klink@xxxxxxxxx
mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de
----------------------------+----------------------+---------------------
HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer:
Bad Homburg v. d. Höhe | | Martin Bartosch