02-04-2014 02:34 AM
Hi,
I am currently doing some testing to figure out an optimal solution for providing a PKI for multiple customer VPNs (IKE authentication).
I would like to implement
- SCEP for enrollment
- manual admin permission for first enrollment
- automatic re-enrollment in case a certificate times out (without any manual admin approval)
- automatic renewal of CA certificate
- Certificate Revocation Mechanism for all VPN peers (required for full mesh VPNs)
So far I have tested
- Cisco IOS CA - works like a charm - unsure about scalability, manageability and multi-customer support
- Windows 2008 CA - real pain to work with, couldn't get all requirements implemented unitl now
What would you recommend?
02-04-2014 04:32 AM
Can't say whether it will meet all your requirments but check also http://www.ejbca.org/
02-04-2014 04:35 AM
Thanks!
I already heard of ejbca and its SCEP capability. This will be the next on the list to try if no other proposals sound better.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide