SCEP Server Test Suite Data Sheet
Test Suite:
SCEP Server Test Suite
Direction:
Server

Simple Certificate Enrollment Protocol (SCEP) is a Public Key Infrastructure protocol for enrolling certificates in a controlled environment. SCEP is based on existing PKCS#7 and PKCS#10 standards, and uses HTTP for transporting protocol messages. A PKI client uses SCEP to request a certificate signing or certificate renewal from the Certification Authority (CA). SCEP can also be used to query existing certificates and certificate revocation lists. The SCEP Server test suite is designed for robustness testing of Certification Authority and Registration Authority (RA) implementations supporting SCEP protocol. The test suite acts as a malicious PKI client sending anomalous SCEP requests to CA, possibly via RA.

Used specifications

Specification
Title
Notes
draft-nourse-scep-23
Simple Certificate Enrollment Protocol

Tool-specific information

Tested messages
Notes
GetCACert request

Plaintextrequest for querying CA certificate

GetCACaps request

Plaintext request for querying next CA capabilities

GetNextCACert request

Plaintext request for querying next CA certificate

PKCSReq request

PKI-operation for certificate signing request

GetCertInitial request

Periodical PKI-operation in polling state when signing is pending

GetCert request

PKI-operation for querying existing certificate from CA

GetCRL request

PKI-operation for querying certificate revocation list from CA

Supported algorithms
Purpose
RSA

PKI-operations

Triple-DES

Encryption

MD5

Digest

SHA-1, SHA-256 and SHA-512

Digest

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis
Contact Us