certnanny/sscep

sscep: illegal URL https

Closed this issue · 6 comments

Hello,

I'm using sscep for a Linux client (Ubuntu). I'm trying to enroll over HTTPS to NDES (ADCS), but I get this error:

sscep: illegal URL https://FQDN/certsrv/mscep/mscep.dll/pkiclient.exe?

I'm using an SSL certificate on my NDES, but I cannot find the reason for this issue.

SCEP is transported over HTTP, not HTTPS

> SCEP is transported over HTTP, not HTTPS

How to implement SCEP over HTTPS?

I must agree with Martin's observation here: the design of the protocol is deliberate, where security is addressed at a message level, not the transport level. This bootstraps the need for, and secure delivery of, your first certificate.

The question becomes more interesting in an HTTP/3 world, but we may be looking at alternative asymmetric key algorithms by then.

https://www.rfc-editor.org/rfc/rfc8894.html#name-use-of-http
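
The message-level protection described in the comment above, as an added example that is not part of the thread or of sscep: the certificate request is encrypted to the RA certificate and the result is signed with the client key, the same CMS layering SCEP uses, so a modified message is rejected without any help from the transport. File names, subjects and algorithm choices are assumptions for the demo, and the SCEP-specific signed attributes (transactionID, messageType, nonces) are omitted.

```bash
#!/usr/bin/env bash
# Added example with constructed names (ra.*, client.*, req.der); requires openssl.
# Shows the CMS layering SCEP relies on: SignedData( EnvelopedData( PKCS#10 ) ).
scep_envelope_demo() {
  local d rc; d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # RA/CA certificate: the recipient the request is encrypted to.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo RA" \
      -keyout ra.key -out ra.crt 2>/dev/null || exit 1
    # Client key plus self-signed certificate, as in a first enrolment.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-client" \
      -keyout client.key -out client.crt 2>/dev/null || exit 1
    # Payload: the PKCS#10 certificate request.
    openssl req -new -key client.key -subj "/CN=demo-client" \
      -outform DER -out req.der 2>/dev/null || exit 1

    # Client side. 1) Encrypt the request to the RA certificate.
    openssl cms -encrypt -binary -aes-256-cbc -in req.der \
      -outform DER -out env.der ra.crt || exit 1
    # 2) Sign the encrypted blob with the client key.
    openssl cms -sign -binary -nodetach -in env.der -signer client.crt \
      -inkey client.key -outform DER -out msg.der || exit 1

    # RA side. -noverify skips chain building only (the signer certificate is
    # self-signed here); the signature over the content is still checked.
    openssl cms -verify -binary -noverify -inform DER -in msg.der \
      -out env2.der 2>/dev/null || exit 1
    openssl cms -decrypt -binary -inform DER -in env2.der \
      -recip ra.crt -inkey ra.key -out req2.der || exit 1
    cmp -s req.der req2.der || exit 1

    # On-path modification: change the last byte of the signed message.
    size=$(wc -c < msg.der)
    last=$(tail -c 1 msg.der | od -An -tu1 | tr -d '[:space:]')
    cp msg.der bad.der
    printf "\\$(printf '%03o' $(( (last + 1) % 256 )))" |
      dd of=bad.der bs=1 seek=$(( size - 1 )) conv=notrunc 2>/dev/null
    if openssl cms -verify -binary -noverify -inform DER -in bad.der \
      -out /dev/null 2>/dev/null; then exit 1; fi
    echo "roundtrip=ok tamper=rejected"
  )
  rc=$?; rm -rf "$d"; return "$rc"
}
scep_envelope_demo
```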

Thanks. As we know, HTTP is not secure enough. Why not replace it with HTTPS?

Because the SCEP RFC says so and it's stupid.