

SCEP uses the CA certificate in order to secure the message exchange for the CSR. As a result, it is necessary to obtain a copy of the CA certificate. The request is sent as an HTTP GET request. A packet capture for the request looks similar to this:

GET /cgi-bin/pkiclient.exe?operation=GetCACert

Response

The response is simply the binary-encoded CA certificate (X.509). The client needs to validate that the CA certificate is trusted through an examination of the fingerprint/hash. This has to be done via an out-of-band method (a phone call to a system administrator or pre-configuration of the fingerprint within the trustpoint).

The enrollment request is sent as an HTTP GET request. A packet capture for the request looks similar to this:

/cgi-bin/pkiclient.exe?operation=PKIOperation&message=MIIHCgYJKoZIhvcNAQcCoIIG%2BzCCBvcCAQExDjA.
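The fingerprint check on the GetCACert response, described above, can be sketched as follows. This is an added example, not code from the original page or from any SCEP client. It assumes the response body is a single DER-encoded certificate and that the pinned fingerprint was obtained out of band; the function names and the sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import urllib.request

# Path and operation name as shown in the packet capture above.
GETCACERT_PATH = "/cgi-bin/pkiclient.exe?operation=GetCACert"

# Digest length in bytes -> hashlib name. MD5 is listed only so it can be
# recognised and refused unless the caller explicitly allows it.
ALGS_BY_LEN = {16: "md5", 20: "sha1", 32: "sha256"}


def fetch_ca_cert(base_url: str, timeout: float = 10.0) -> bytes:
    """Issue the GetCACert GET and return the raw response body (DER)."""
    url = base_url.rstrip("/") + GETCACERT_PATH
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def parse_pinned(fingerprint: str) -> bytes:
    """Accept 'AA:BB:..', 'aabb..' or 'AABB CCDD ..' and return raw bytes."""
    cleaned = "".join(ch for ch in fingerprint if ch not in ": \t-")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError("pinned fingerprint is not hex") from exc
    if len(raw) not in ALGS_BY_LEN:
        raise ValueError(f"unsupported fingerprint length: {len(raw)} bytes")
    return raw


def ca_cert_is_trusted(der: bytes, pinned: str, allow_md5: bool = False) -> bool:
    """True only if the digest of the whole DER blob equals the pinned value."""
    want = parse_pinned(pinned)
    alg = ALGS_BY_LEN[len(want)]
    if alg == "md5" and not allow_md5:
        raise ValueError("MD5 fingerprint refused; pin a SHA-256 fingerprint")
    got = hashlib.new(alg, der).digest()
    return hmac.compare_digest(got, want)  # constant-time comparison


# Constructed stand-in for a GetCACert response body (not a real certificate).
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-sample"
# Stands in for the fingerprint received out of band from the CA administrator.
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest().upper()

if __name__ == "__main__":
    print(ca_cert_is_trusted(SAMPLE_DER, SAMPLE_PIN))
```

A client should stop before sending the PKIOperation enrollment request whenever this check returns False or raises, because the CA certificate is what secures that exchange.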


