000022722 - How does auto-vetting with SCEP work in Keon Registration Authority?

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022722
Applies ToKeon Certificate Authority 6.5.1
Keon Registration Authority 6.5.1
Microsoft Windows 2000 Server SP4
Simple Certificate Enrollment Protocol (SCEP)
IssueHow does auto-vetting with SCEP work in Keon Registration Authority?
If setting up auto-vetting, will the devices trying to connect in through Keon Registration Authority be able to connect as if they were coming in through Keon Certificate Authority?
ResolutionSCEP auto-vetting in Keon Registration Authority works the same as it does for Keon Certificate Authority, e.g. auto-vetting will be based on the source IP/host (not KRA's). The auto-vetting (e.g. the determination of whether to issue the certificate based on the source IP/host and the Jurisdiction configuration) takes place at KRA. If the request passes the auto-vetting stage at KRA, KRA will then communicate with KCA (using our own protocol, not SCEP) to issue the certificate (no further vetting takes place at KCA).
Legacy Article IDa29966