2

The SCEP (Simple Certificate Enrollment Protocol) is the more like the defacto protocol for device enrollment. It pushes the digital certificates to the device which can be used for authentication, and other cryptographic purposes.

Can CMP be used instead of the SCEP? Since CMP is the standard protocol to communicate with any CA that implements it, can an application residing on the device (say a mobile/laptop) use CMP to communicate with a CA to request a certificate and install it in the device which can then be used for the authentication purposes? And possible the whole life-cycle management of the device identity.

always_a_rookie
  • 99
  • 9

1 Answers1

2

Yes!

Just make sure your device has a toolkit / library for communicating over the CMP protocol, and you should be good to go!

In particular, the 3GPP chose CMP as the main protocol for LTE mobile devices to request certs from a CA, update certs when they expire, and other lifecycle management operations. To facilitate the mobile device use-case, they made some additions to the CMP spec - now CMPv2 - so if your use-case needs some of the mobile-specific CMPv2 message types, then make sure you pick a CA that has CMPv2 support.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
  • Do devices running android or iOS come with any default toolkit/library with the CMP support? or would it be an add-on/3rd party? Could you please provide an example or two.. – always_a_rookie Dec 14 '16 at 21:32
  • I honestly have no idea. I would start by googling "android cmp library" / "ios cmp library" and see what comes up. If they don't support it natively in the OS, then surely there are open-source libraries on github. – Mike Ounsworth Dec 14 '16 at 21:49