Hello. We have just implemented SCEP (NDES) and its working fine. But as mention in the documentation, only HTTP is supported with the notation “HTTPS is not supported; however, all security critical data that are transferred between the SCEP client and other components are encrypted”. Now, that does not really satisfy me. How can the data in transit be secure if not encrypted using HTTPS?
maybe this helps:
german site – but can easily translated via google translate or others
> Conclusion
> There is no security risk in applying for a certificate via SCEP over HTTP without a Secure Sockets Layer, as the information transmitted is adequately protected by the SCEP protocol.
> The situation is different with the NDES administration website: SSL should definitely be activated here and its use enforced in order to prevent the administrators’ login data from being disclosed.
> www.gradenegger.eu/?p=1755 See the article ” Enable Secure Sockets Layer (SSL) for Network Device Enrollment Service (NDES) ” for setup .
Continue reading and comment on the thread ‘Is it safe to use http for SCEP NDES on IGEL OS?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!