Description
This article describes how to get the CA certificate from a CMS object. Simple Certificate Enrolment Protocol (SCEP) is a PKI protocol that leverages existing technology by using Cryptographic Message Syntax (CMS, formerly known as PKCS #7) and PKCS #10 over HTTP. SCEP is the evolution of the enrolment protocol sponsored by Cisco Systems.
Scope
Knowledge of troubleshooting SCEP.
Solution
During the SCEP troubleshooting process, it may be necessary to validate the SCEP CA's root certificate from a packet capture. SCEP uses the CMS object to exchange secure information.
Basic concepts:
Cryptographic Message Syntax: The Cryptographic Message Syntax (CMS) is the IETF's standard for cryptographically protected messages. It can be used by cryptographic schemes and protocols to digitally sign, digest, authenticate or encrypt any form of digital data. CMS is based on the syntax of PKCS #7.
PKCS #7: In cryptography, PKCS #7 is a standard syntax for storing signed and/or encrypted data. PKCS #7 is one of the family of standards called Public-Key Cryptography Standards (PKCS) created by RSA Laboratories.
A packet capture from a previous communication between FortiGate and the SCEP server will be required.
After saving this file in a folder, use the online tool http://ldh.org/asn1.html.
Upload the file and copy the value shown in the input window.
After that, paste the copied value into this online tool and then press Decode.
The certificate is then shown in a clean view.
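The same extraction can be done locally, without uploading capture data to a website. The following is an added example, not part of the original article or Fortinet's tooling: it walks the DER structure of a CMS SignedData object and returns each embedded certificate as PEM. The function names and the sample object are assumptions made for illustration; the sample is built inline and its "certificate" is a placeholder, so replace `SAMPLE_CMS` with the bytes saved from the capture.

```python
import base64, textwrap
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos):
    """Parse the DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite (BER) length; re-encode as DER first")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated object")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, tlv_start, value_start, value_end) for each TLV in [start, end)."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, start, vs, ve
        start = ve

def extract_certs(cms):
    """Return the DER bytes of every certificate in a CMS SignedData object."""
    tag, vs, ve = read_tlv(cms, 0)
    (otag, _, o1, o2), (ctag, _, c1, _) = list(children(cms, vs, ve))[:2]
    if tag != 0x30 or otag != 0x06 or cms[o1:o2] != OID_SIGNED_DATA or ctag != 0xA0:
        raise ValueError("not a CMS signedData ContentInfo")
    _, sd1, sd2 = read_tlv(cms, c1)  # SignedData SEQUENCE inside [0] EXPLICIT
    for tag, _, vs, ve in children(cms, sd1, sd2):
        if tag == 0xA0:  # certificates [0] IMPLICIT SET OF Certificate
            return [cms[s:e] for _, s, _, e in children(cms, vs, ve)]
    return []

def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed sample below."""
    size = (len(value).bit_length() + 7) // 8
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | size]) + len(value).to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: certs-only SignedData; FAKE_CERT is a placeholder, not real X.509.
FAKE_CERT = tlv(0x30, tlv(0x04, b"constructed placeholder " * 8))
SIGNED_DATA = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, tlv(0x06,
    bytes.fromhex("2a864886f70d010701"))) + tlv(0xA0, FAKE_CERT) + tlv(0x31, b""))
SAMPLE_CMS = tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, SIGNED_DATA))
```

Each PEM string returned by `to_pem(...)` for an entry of `extract_certs(...)` can be written to a file and compared against the CA certificate the FortiGate is expected to trust.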
Copyright 2024 Fortinet, Inc. All Rights Reserved.