Certificate enrollment via SCEP

An increasing number of certificate-based VPN connections are being used to provide secure communications over public networks. The high level of security provided by certificates comes at the price of significantly more effort in administering and distributing those certificates. Most of this effort arises at branch offices and home offices within a geographically dispersed network.

A VPN router requires the following components to establish a certificate-based VPN connection from a remote site to the network at the headquarters:

Important: The SCEP client supports one certificate per usage type (VPN, WLAN controller). When configuring CAs, the usage type "General" can be selected in addition to the specific usage types. If a general CA is entered, that CA is used for all certificates.

In a conventionally structured VPN with certificates, keys and certificates have to be loaded into each device manually and replaced before they expire. The Simple Certificate Enrollment Protocol (SCEP) enables secure, automatic distribution of certificates from a suitable server, which reduces the effort of rolling out and maintaining certificate-based network structures. No external application is needed to generate the key pair and then transfer it to the device: the VPN router generates the key pair itself, so the private key never has to leave the device, which is a significant gain in security. The router automatically retrieves the CA root certificate and its own certificate from the central SCEP server. Two checks remain in the router's hands: the CA certificate is fetched unauthenticated, so its fingerprint should be compared with a value obtained out of band (for example, entered in the configuration) before it is trusted, and the enrollment request is authorized by a challenge password issued by the CA, which should be treated as a one-time secret.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
