2.1.10. SCEP

SCEP (Simple Certificate Enrollment Protocol) is a protocol designed by Cisco. It specifies a way for a router to communicate with an RA/CA for enrollment.

Normally, a router installer enters the RA's URL and a challenge password (sometimes referred to as a one-time PIN) into the router and issues a command to initiate the enrollment. The router then communicates with the RA using the SCEP protocol to:

SCEP suggests two modes of operation: RA mode and CA mode. In RA mode, the enrollment request is encrypted with the RA signing certificate. In CA mode, the request is encrypted with the CA signing certificate.

The current implementation of RA and CA only supports the CA mode.