Closed kasi1999999 closed 2 years ago
SCEP as a proxy (sometimes called RA I think) to another CA is definitely possible and I don't know of anything that would prevent a proxy or translation to ACME. That said: there's no code built-in to do any of this. If you're willing to write code take a look at the SignCSR interface:
Oh one other note: Let's Encrypt uses different types of challenges. Getting the SCEP to ACME translation working would require handling those challenges on behalf of the SCEP client. Seems doable but that's another element you'd have to figure out.
Hello SCEP team, is it possible to configure scep utility to act as a CA proxy - my router would be configured to use scep server for issue certificate, then the scep server would use ACME to forward it to Lets Encrypt. If it is possible, can you please provide working sample configuration? Thanks. Stefan