SCEP allows the automated enrollment of certificates to network devices when the network devices do not have accounts in Active Directory Domain Services (AD DS). SCEP delivers the certificate in a secure manner through the use of a registration authority (RA).
Figure 27-1. The SCEP enrollment process
The SCEP enrollment process (shown in Figure 27-1) involves eight distinct steps:
The network device generates a Rivest Shamir Adleman (RSA) public-private key pair. The device generates an RSA public-private key pair and specifies whether the key is enabled for signing and signature verification, ...