02-04-2014 02:34 AM
Hi,
I am currently doing some testing to figure out an optimal solution for providing a PKI for multiple customer VPNs (IKE authentication).
I would like to implement
- SCEP for enrollment
- manual admin permission for first enrollment
- automatic re-enrollment in case a certificate times out (without any manual admin approval)
- automatic renewal of CA certificate
- Certificate Revocation Mechanism for all VPN peers (required for full mesh VPNs)
So far I have tested
- Cisco IOS CA - works like a charm - unsure about scalability, manageability and multi-customer support
- Windows 2008 CA - real pain to work with, couldn't get all requirements implemented unitl now
What would you recommend?
02-04-2014 04:32 AM
Can't say whether it will meet all your requirments but check also http://www.ejbca.org/
02-04-2014 04:35 AM
Thanks!
I already heard of ejbca and its SCEP capability. This will be the next on the list to try if no other proposals sound better.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: