ipsec scepclient Tool


ipsec scepclient [argument ...]

ipsec scepclient --help


The ipsec scepclient tool was an early client implementation of the Simple Certificate Enrollment Protocol (SCEP).

This tool was written in 2005 and only got marginal updates since then. Hence it implemented an old version of the SCEP Internet Draft (version 10/11 of draft-nourse-scep) and used the broken MD5 hash and single DES encryption algorithms as defaults.

With strongSwan version 5.9.8 ipsec scepclient will be replaced by the pki subcommands pki --scep and pki --scepca which implement the new SCEP RFC 8894 standard that was released in September 2020 and which supports trusted certificate renewal based on the existing client certificate.