Does OpenConnect handle SCEP?

marcuac at gmail.com
Sun Apr 28 09:32:14 PDT 2024


On Sun, Apr 28, 2024 at 7:24 AM David Woodhouse <dwmw2 at infradead.org> wrote:
>
> On Sat, 2024-04-27 at 22:56 -0400, marcuac at gmail.com wrote:
> >
> > I've been looking online for an alternative to Cisco AnyConnect client
> > (which I haven't been able to get working on Linux) and I saw people
> > recommending OpenConnect. My workplace VPN is configured to do
> > certificate enrollment when connecting for the very first time, which
> > I believe is done through SCEP (simple certificate enrollment
> > protocol). I've installed and tried NetworkManager-openconnect but it
> > doesn't seem to do this initial certificate enrollment. Does
> > OpenConnect implement SCEP?
>
> It doesn't. And unless it's integrated with the protocol to the point
> where it is *absolutely* necessary, I think I'd prefer it to remain that
> way — at least for OpenConnect *itself*.
>
> But if this is a setup that people need to use, we should definitely
> work out how to integrate it with an existing SCEP client.

Thanks for the quick reply. I agree about not spending resources on it
unless there's high enough demand, or unless OpenConnect is intended
as a fully equivalent drop-in replacement for Cisco AnyConnect. In the
meantime it might help to just add a section on
www.infradead.org/openconnect/anyconnect.html that mentions the lack
of SCEP.

Thanks!



More information about the openconnect-devel mailing list