CAcert is currently working to get a SCEP Interface running, to be able to issue certificates through SCEP.
Clients that NEED SCEP:
- VPN Clients (Cisco?)
- PGP (for X.509 certificates)
SCEP Variants:
NetTools PKI
- Verisign
- Windows 2000
- Entrust
- IPlanet
We are currently trying to use the SCEP Interface from http://www.openca.org/
Alternative: OpenSCEP: http://openscep.othello.ch/
Problems we have faced:
- PGP does not send Host: in the HTTP protocol, therefore it is not VHost compatible. Always implement SCEP servers on the default VHost!