SCEP (Simple Certificate Enrollment Protocol) is a protocol designed by Cisco. It specifies a way for a router to communicate with RAs and CAs for enrollment. Red Hat Certificate System 7.3 enables routers to enroll for a certificate from an RA using this protocol.
Routers can communicate with the RA using the SCEP protocol to:
Retrieve CA certificates
Submit a Certificate Request
Retrieve the issued certificate
Submit a status request if the Certificate Request is pending
SCEP specifies two modes of operation: RA mode; and CA mode.
In RA mode, the enrollment request is encrypted with the RA signing certificate. In CA mode, the request is encrypted with the CA signing certificate. The current implementation of RA and CA only supports CA mode.